The large print section of the local library is no place to go looking for a piece of ass.

June 22nd, 2009

“The preposterous was seeping in fast from every quarter.”

I found “Exit Ghost” at the library while browsing the large print section. I’ve been meaning to read another Philip Roth book ever since American Pastoral. I can read large print forever. I love large print.

I immediately sensed that this is a writer that will never lie to me. His private thoughts just ring too true. He does not filter.
This book is about a famous writer in his 70s going off the rails and watching himself make “bad” decisions with no power to stop it. The comedy in the book flows from this old gent being made into a clown by his own desires.
For example, against his better judgment he enters into a home swapping agreement with an attractive young couple. His reasoning is,
“Then she would be living among my things and I among hers.”

His desires wake up so quickly after such a long down-time. He spends the book tracking the life story of a genius writer named E.I. Lonoff (who, I read, is really a stand-in for Bernard Malamud) and fighting off younger, more virile versions of himself.

The crushing weight of the past in this book almost overwhelmed me.

“You said, ‘Oh Manny, we could be so happy in Florence.’”
Learning this made her enormously happy. “Oh, my. You were such a bad boy. What else? What else? To have a witness to something so long gone– what a gift! Tell me what you heard, bad boy! Tell me everything!”
Tell me, she was saying to me, tell me please, about this intimate moment with this irreplaceable person I love who is dead, tell me on the day I’ve learned of the return of the tumor that is hurtling me toward my own death…”

How is that for wanting to house yourself in a little lean-to made of the past?

One thing that threw me off was the weirdly shallow portraits he draws of younger men. They are virile and confident, but are only described that way in one or two words and he’s done.

He makes a HUGE deal about how EXTREME his 11 year hiatus in a comfortable cabin in western Mass. was. As if anyone crazy enough not to live in Manhattan for any time at all should be a subject of a novel that reminds you of that fact on every page.

He devotes a lot of space to a weird little play he writes about his interactions with the younger woman. He develops that relationship in the play and then develops a “real” one with the woman in the book itself. Was it a way of showing how impotent he was? Was it some dialog he wrote that didn’t fit in the book, so he worked it in as a play? I’m kind of annoyed by this book within a book and I find that I don’t value what takes place in that fake book, which makes me wonder why I care what takes place in the actual book.

This book left me swimming in a muggy soup of human pheromones, auto exhaust, pollen and a hint of urine.

Hi. My Name is Liir. ADuuuuuhhhhhhh.

June 18th, 2009

I was very disappointed by Son of A Witch. It started with promise but devolved into randomness. The author knew he had to fill the middle of the book with events in Oz, but nothing inspirational came to him, so he just had the characters wander around doing appalling things to each other. I can’t even count the unresolved plot threads. Everyone came together for a wrap-up at the end. During the wrap-up, it was mentioned to the main character that he had certainly grown over the course of the book. I couldn’t see it. The rule of “show it instead of tell it” applies here. The author failed to provide a compelling climax or give insight into the growth of the main character. Nowhere near as good as Wicked.

The visit to the vast prison called “South Stairs” was relatively inspired, as was some of the politics between the races of Oz, and there was some hilarious dialog between characters. Mostly, though, Oz was rendered in gray scale with muted sounds.

World War Z.

June 17th, 2009


World War Z: An Oral History of the Zombie War. It was a fun read. Max Brooks has spent a lot of time thinking about zombies and their abilities.

Something apparent from the get-go is that the author was using the event of a world wide zombie plague on which to hang a series of critiques of our society. He lazily trotted out a series of stereotypes from each region of interest (South Africa, Israel, India, China, North and South Korea, Japan, Hollywood, the survivalist mid-west, ineffectual Washington, DC). Using the context of a zombie war, the details of which were chilling and persuasive, he delivered a series of pretty banal anecdotes about our society.
These interludes were short, however, and I found the book hard to put down.

The Ticks of St. Croix State Park

June 17th, 2009

My daughter requested a camping trip for her tenth birthday. June is a good month to go camping in Minnesota if you like ticks. I pulled over 20 of them off my body this past weekend.

Our group camp was right next to a huge horse camping area. There’s horses to look at, but there are also a host of flies. There is also a huge marsh behind this group camping area. I didn’t get a chance to look at the other group sites, but I think there is a reason those others filled up first.

The lady at the registration desk is a menace. Just do the opposite of what she says.

Bring lots of bug repellent, tuck your long pants into your socks and stay out of the tall grass. Do a tick check

I took a nice bike ride down some horse trails and down some non-designated trails. This review mentions that the horse trails are too bumpy. I found this to be true until I let some air out of my tires. After that it was tolerable. The non-designated trails were much more interesting. I wound through groves of birch trees, through the massive blowdown area, and past amazing views of the St. Croix River. There is nothing remotely challenging.

Don’t be fooled by the little sign of the swimmer on the summer park map. There is a goose-poop fouled area of Hay Creek roped off by a line of buoys about 3 feet from the shore. They did go to a lot of effort to import a vast amount of sand for the beach and the kids had a blast there. The adults lounged in the shade. The company on this trip was the best part. Maggie had a great time. I am proud of the blueberry pancakes I cooked over the fire.

The wonderful thing about St. Croix State Park is the views of the St. Croix River. The river and its far shore have this surreal, seven shades of green look, like a diorama made of the Garden of Eden by an over-enthusiastic convert.

There were multiple equipment failures. Our tents are in bad shape. The cheap Coleman tent needs a seam sealant, and the expensive Eureka tent has a broken pole! I think someone we loaned it to maybe broke it? Anyone know anything about this?

new java blog

June 4th, 2009

Here is Captain Holly’s Java Blog. It will cover things that bore the living crap out of many of the readers of this blog. It is not focused on the latest java news. Instead it focuses on how stuff works. It covers:

  1. Java
  2. other java related languages
  3. Competitors to Java
  4. design of computer languages, virtual machines, and compilers
  5. Web related stuff
  6. Security software and how it works
  7. Information display and reporting

So far, I’ve used it to review code from open source projects to see how it works.

It is named after Captain Holly of the Saddleford Owsla.

what we really need now is a show that ridicules environmentalists

May 27th, 2009

thank you, ABC.

be sure to read the comment section.

Pandemic!

May 26th, 2009

The Great Influenza by John Barry covers more than just the 1918 flu. It details a scientific revolution in this country that started with the founding of Johns Hopkins University. This story alone, before the flu even started, just took my breath away.

Medicine in this country before 1900 was likely to do more harm than good to the patient. Primary reasons for this were that doctors were not well trained or regulated and that what training they did get was not based on science.

A small group of superheroes led by William Welch helped start changing this. The medical schools, owned and controlled by local doctors, made more money if they let in anyone who wanted, so there were no academic standards for getting into medical school. Training was based on thinking that hadn’t changed much in the 2200 years since Hippocrates. The belief that you could decide what was true just by deduction and creating a consistent model and not by scientific method, still ruled the day.

The superheroes got together and formed the medical equivalent of the Justice League of America. Many of them were trained in Germany. They created Johns Hopkins University. This would be an institution devoted to medical research based only on science. Other institutes including the Rockefeller Institute and Columbia University started soon after with similar missions.

A striking story from the book was the progress made by these superheroes using pre-antibiotic steampunk medicine against bacterial infections. I always thought that people were helpless against bacteria before antibiotics, but there was much progress in creating anti-toxins, anti-serums, and vaccines. In fact, the survival rate for bacterial meningitis was higher after a serum treatment was found (1910) than it is today with all of our ass-kicking antibiotics.

We say today that the flu comes from people living in close proximity to pigs and birds in China. The 1918 flu probably broke out in Kansas, causing a deadly epidemic in Haskell county where people were also living in close proximity to pigs. It spread from there as a mild illness, and mutated back into something deadly. It was only called Spanish Flu because all other western press suppressed stories of the illness so as not to hurt morale or cause panic during wartime. The Spanish press reported it truthfully so it appeared to the world that it came from Spain.

The superheroes spent most of the book hunting for a bacteria they believed caused the flu. I found myself wishing that Barry had explained the science better. For example, he states that a scientist was trying to figure out why pneumococcus bacteria sometimes had a carbohydrate shell and sometimes did not and how a bacteria could change between those two forms. It states “he ruled out each substance one by one until he found that it was DNA.” Well, great. How did he do that? Barry takes pages and pages to describe these guys slaving away in the labs, washing glassware, working the autoclave and growing cultures, but skips the potentially dramatic story of actual discovery. The climax of the book is when a Teen Titan named Richard Shope proved that an outbreak of flu in pigs was caused by a “filterable” virus. He just states this. “And then Detective Magruder went out to lunch and looked at the evidence again and solved the crime.”

Finally, the book spent a lot of time describing the devastating effects the virus had on civilian life. Philadelphia, like every other crowded city, was ripped apart by the flu in 1918. The government pretty much ceased to function and a group of civic minded people formed a parallel government and began running the city’s response to the crisis.

funniest bug report

May 22nd, 2009

Blackgold is a small Google Code application that apparently ran amok.

Fifth’s Disease

May 20th, 2009

It turns out that the reason for some of the bizarre health issues at our house of late is due to fifth’s disease rather than a real or imagined curse. Four weeks ago, Maureen came down with a bizarre rash that seemed to be triggered by the sun. So, we figured she was allergic to the sun. Now Frank has a similar rash, also triggered by the sun, but this time the doctor immediately recognized fifth’s disease. It is a common, benign viral infection that leaves a rash (which is aggravated by the sun!) at the end of the illness (past the time when it is transmissible). It all fits!

If you’ve seen us in the past month or so, and your kids have a rash… maybe it is fifths (You’re welcome). We were concerned because the literature says that complications could develop if you get this virus while you are pregnant and we did expose a pregnant woman, but it seems that it is only the early stages of pregnancy that this is a concern. The baby was born last night and is healthy.

It is called fifths because it is the fifth of the classic childhood skin rashes after measles, rubella, scarlet fever, and the mysterious fourth’s disease.

nails

May 20th, 2009

This morning, I rode by a big dumpster on Como that contained an old roof. About 20 nails had been spilled all over the bike lane so I stopped to pick them up. Just when I was done, a car load of workers, the contractors… kids, really, drove up and said “Hey thanks man, thanks! want a dollar?”

I had just moments before made a vow not to verbally abuse any motorists, so I just rode away without saying anything.

Tomcat Seminar

May 14th, 2009

I attended Wednesday’s SpringSource Tomcat Seminar. SpringSource has a product based on Tomcat (Spring tc server). As a way of promoting this, they put on a brilliant seminar featuring Filip Hanik about deployment, performance and troubleshooting of Tomcat. The promotion of TC Server took about 20 minutes of a 4 hour seminar. The format was well thought out: “Here are some really interesting ways Tomcat can be used, here are the command line tools to do it by hand, and finally, here is our product that helps automate and organize some of these things.”

Information came at such a rapid pace that I barely had time to write down keywords. He did NOT simply read from the slides like a dolt. Here are the slides.

  • setenv isn’t documented, but when Tomcat starts, it looks for a file called setenv.sh|bat for instructions about which jvm to use and which Tomcat version to use. A default Tomcat install has no setenv.sh|bat and so defaults are used. For example the default JAVA_HOME is the java home in your system environment variables. Well, shit. All these years I’ve been changing my system’s JAVA_HOME when I could have been fixing setenv.
  • supports variables like {port} in configuration files. This means you can have one server.xml file with a variable parameter for port, and the port is defined by which Tomcat instance you feel like starting that day. This is a huge advantage in staging and testing environments as you could be testing with multiple Tomcat versions and java versions.
  • Hanik voiced skepticism about the wisdom of hot redeployment in production: failure to explode war files fast enough, memory problems, and problems with serialized sessions were all offered as reasons for this.
  • Performance
    1. Logging affects performance. Logging too much can eat up memory. For production environments, one should disable duplicate loggers.
    2. maxThreads. If CPU usage is low, Tomcat is not taking advantage of hardware and you should increase thread count. By the same argument, if CPU usage is high, lower maxThreads.
    3. maxKeepAlives. KeepAlives are simply keeping TCP connections alive so the handshake does not have to happen again. This setting governs how many requests are allowed from one TCP session. This is especially important if using SSL since handshakes are more costly there.
    4. ConnectionTimeout. How long without activity before a connection is terminated.
    5. AcceptCount: This is a setting that in a way caches a bunch of TCP/IP handshakes. There is also an Operating system level setting for this same activity.
    6. For the most part, tuning Tomcat itself is limited. Tweaking Tomcat won’t do much good if your application is not tuned. The JVM and Operating System need some attention too.
    7. Send and Recv buffers, set at Operating System level, are key to performance tuning.
    8. Garbage Collection affects performance. Heh. That sentence hides the existence of the field of Garbage Collection-ology. He sped through ways to debug garbage collection.
  • Troubleshooting
    1. We already know that the errors that end up in Catalina.out are those that are not caught by our applications. But, we can configure the way that errors are reported by Tomcat. For example, outOfMemoryException could be any one of 15 errors, but by default Tomcat will just report outOfMemoryException. With a simple command in the startup options for Tomcat, we can tell Tomcat to sift through the error types and take different actions depending on the errors. For example, make a heap dump when
    2. Heap Dumps and other info can be had with Java’s VM arguments such as -XX:+HeapDumpOnOutOfMemoryError. Many more are here: http://java.sun.com/javase/technologies/hotspot/vmoptions.jsp
    3. Thread Dumps are very informative. They can show deadlocks. Use kill -3 or jstack. Java 1.6 has jstack built in.
    4. Profilers: The act of observation changes the thing you’re observing. Profilers will affect your code execution. To minimize the change in outcomes while you do detective work, it is advised to wait until you narrow down the problem before bringing profilers in.

Saroyan

May 8th, 2009


I picked up a volume of the writings of William Saroyan on a free shelf here at work. I read the first story at lunch, “Tracy’s Tiger” and it was vaguely disruptive. Perhaps I’ve been looking for an excuse to veer way out of bounds, but I feel like I got permission to do so from this story. The writing and the characters and the plot are all completely whimsical and skeletal, kind of like this new genre of quirky and deliberately under-produced pop that has sprung up recently.

Time had always fascinated him. He knew he didn’t understand it, but he also knew that anything you ever got- anything that ever mattered - any thought - any truth-you got instantly. You could wait forever if you wanted to, and let it go at that, or you could get moving-moving into time and with time-working at the thought to be received and then suddenly, from having moved into time and with time, and from having worked at the thought, get it, get it whole, get it clean, get it instantly.

products that make me sad.

May 8th, 2009

I have three products I’m unhappy with:

Trudeau “Centauri” Travel Mug. I bought this mug at Dunn bros so I could stop using a paper cup every day. I’ve been miserable ever since. This mug is hard to clean and very top heavy. I wouldn’t take it on board any vehicle because it tends to fly around the compartment and spill. Also, it doesn’t fit under the spout at most coffee shops, so they have to fill up a paper cup and pour the coffee from it into my poorly designed sucker mug.

Velo Gel Saddle. This came with the Surly Long Haul Trucker. Bike seats are pretty personal. Just because it doesn’t work for me doesn’t mean it is a bad seat. Yet, I’ve never had such an uncomfortable bike seat. It has made my life into a long, slow prostatectomy. Fortunately, I do still have fingers and therefore I can switch the seat out for something more comfortable, like maybe a steak knife jammed into my seat post.

CatEye HL EL-510:
Why would anyone put a “dim” setting on a bike light? So that you can say on the package that this light has a mode that gives 60 hours of battery life? The light doesn’t flash, and has a base attachment that screws up into the quick release mechanism, so you can’t just unsnap the thing when you take it somewhere. On the plus side, it isn’t about to come off and spill batteries and plastic all over the street. It is dependable, it’s just kind of a dud. I have a newer CatEye product that I love (Compact Opticube = Hl-el410.). It *Blinks*, it is versatile and has probably already saved my life.

great experiment

May 8th, 2009

This family celebrated the 100th anniversary of the theory of relativity by driving into the mountains with a van full of cesium clocks and batteries to measure time dilation.

via J-walk blog

watering hole

April 30th, 2009

The Daily Dave is the watering hole of the security community. It features regular posts from Joanna Rutkowska, Dave Aitel, H D Moore, Fyodor, Dan Geer, Sinar and others that I probably should recognize.

Today, they had a thread about the concept of no more free bugs, which Joanna Rutkowska and PDP handily shoot down. Also links to her amazing blog as well as a blog I’d never heard of that is almost supernatural in its awesomeness. I refer to http://xorl.wordpress.com/.

cool maps generated from geotags

April 29th, 2009

Google Blogoscoped links to a study of geotagged images.
This research project generates very interesting maps by collecting data from geotags. This data is not limited to longitude and latitude, but incorporates time of day, and details from the pictures themselves to map out where in the world all the pictures on flickr were taken. They suggest that in the future, the social network contacts of the user can be used as well.

The paper is here.

What they have concluded is that their method can generate better representative images of a search term than the image tags on flickr. Their method may also be used to guess at geotags to help the user as they upload new photos.

great owasp meeting

April 28th, 2009

I went and watched Gunnar Peterson present an excellent overview of the state of Web Services security.

He had two points that hit home for me. One is that security vendors and developers are on different planets. It brought back memories of having to authenticate a web application using SAML with a device called “Reactivity”. It was 2 weeks of living hell. There was no documentation and no feedback about what I was doing wrong. As a developer, I would have needed a training or at least a hair follicle on which to base an investigation on what to do. Shudder. I liked his point that both developers and security pros need to take some steps towards the other.

Another point was how much of web services security was really left up to the developers and integrators. I saw this working with Oracle’s OAAM. The product can be perfect, but it is up to a team of developers to implement it properly.

He introduced the development of an OWASP top ten for web services. He went over examples of how people screw up web services security. Most memorable was the MQ product by IBM which has anonymous access turned on by default, and a recent error in Google’s Single Sign-on.

Another point was how ruthlessly stateless web services really are. There was a lot of talk on preventing “replay” attacks, which happen when a third party sniffs unencrypted web traffic containing web services calls and sends the exact same instructions again. The listening server has no way to detect if this replay is valid. In web applications, nonces (no more than once) can be used to ensure that replays do not happen, but it is difficult to “hack state back into the protocol”. For these reasons, https needs to be used for sensitive web services transactions. He was careful to say that for most web services implementations, there is a long, long way to go to improve web services security before you need to start worrying about replay attacks. Some of these improvements include proper schema/DTD validation, data type validation, data size validation, message authentication, authorization and logging.
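To make the “hack state back into the protocol” point concrete, here is an added sketch (not from Gunnar’s slides or any product mentioned in this post) of a server-side replay check that combines message authentication with a timestamp and a nonce cache. The names `sign_request` and `ReplayGuard`, the shared key, the sample message and the 300-second window are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed message stays acceptable (assumed value)


def _canonical(ts: str, nonce: str, body: bytes) -> bytes:
    # Length-prefix the body so field boundaries cannot be shifted around.
    return b"|".join([ts.encode(), nonce.encode(), str(len(body)).encode(), body])


def sign_request(key: bytes, body: bytes, now=None, nonce=None) -> dict:
    """Client side: bind body, timestamp and a fresh nonce under one MAC."""
    ts = str(int(time.time() if now is None else now))
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(key, _canonical(ts, nonce, body), hashlib.sha256).hexdigest()
    return {"timestamp": ts, "nonce": nonce, "body": body, "mac": mac}


class ReplayGuard:
    """Server side: the state a stateless service must keep to spot replays."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # nonce -> last second at which its message is still fresh

    def check(self, msg: dict, now=None) -> str:
        now = time.time() if now is None else now
        # 1. Message authentication: reject anything altered or unsigned.
        expected = hmac.new(
            self.key,
            _canonical(msg["timestamp"], msg["nonce"], msg["body"]),
            hashlib.sha256,
        ).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg["mac"]).encode()):
            return "bad-mac"
        # 2. Freshness: an old capture is rejected without consulting the cache.
        try:
            ts = int(msg["timestamp"])
        except ValueError:
            return "stale"
        if abs(now - ts) > self.max_skew:
            return "stale"
        # 3. Nonce cache: forget nonces whose messages can no longer pass
        #    step 2, then refuse any nonce that is still remembered.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if msg["nonce"] in self._seen:
            return "replay"
        self._seen[msg["nonce"]] = ts + self.max_skew
        return "ok"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    guard = ReplayGuard(key)
    msg = sign_request(key, b"<transfer amount='100'/>", now=1000)  # constructed call
    tampered = dict(msg, body=b"<transfer amount='9999'/>")
    return [
        guard.check(msg, now=1001),       # first delivery
        guard.check(msg, now=1002),       # sniffed and sent again
        guard.check(tampered, now=1003),  # body changed, MAC no longer matches
        guard.check(msg, now=2000),       # replayed long after the window
    ]


if __name__ == "__main__":
    print(demo())
```

The nonce cache only has to remember entries for as long as the timestamp check would still accept the message, which is what keeps the added state bounded.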

A good web services development and testing tool called soapUI also serves as a good web services hacking tool. With it, you can take any publicly available WSDL and craft attacks against it. Gunnar’s slides took us through using this tool against Web Goat and made it look very easy.

Other points about Web Services. They were created to run on Port 80 so that they would be allowed through firewalls like regular web traffic. As Bruce Schneier said, “A ‘firewall friendly protocol’ is like a skull friendly bullet”

I’m always glad to have gone to OWASP. I was really grumpy before going yesterday afternoon, but the bike ride over there cleared my head and I managed to cram a few more bits of info in. The meetings are free and open to everyone.

collection of unintentionally funny reviews. made me laugh.

April 21st, 2009

Cynical-C has an ongoing feature where he posts one-star reviews of classic books, music and movies:
See if you can guess which works these are from:

when a monkey threw a bone up in the air so high that it went into space and morphed into a rocket-ship I was done with this garbage.

This book was required reading for my tenth grade English class, and I had to buy the Cliff Notes because I couldn’t stand reading one more “aint”.

SNORE. I can’t believe some of you dorky stoners trapped in the ’70s have the nerve to call this album a “masterpiece” or “one of the best albums of all-time”! LOL, MUSIC NERDS! You people can’t be serious. They didn’t even get any MTV or BET airplay. I suggest you listen to a great album like “St.Anger” by Metallica or “Lost Highway” by Bon Jovi if you want a taste of what real music should sound like.

Thank God Ms. Lee only wrote this book; surely her next would degrade society even further.

For one thing, I don’t like to watch things with witches in them, especially if one of them is portrayed as a “good witch” - that’s an oxymoron I can’t reconcile with.

There are murders, but not very unique ones. If I wanted to read a good murder mystery, I would go to Thomas Harris. Every event in the entire book was based on this unrealistic relationship between Daisy, Tom, and Jay.

This book is pathetic. Many people called it a “classic.” It’s the book that killed John Lennon. Oswald had a copy. So I thought “What the heck?” I then embarked on four hours of my life spent reading this complete testacle sack of a book;

What a load of rubbish. War is ugly and brutal, but it is not “insane.”

He’s an American soldier during WWII. However, don’t mistake this book for your average war literature, because it’s not. This book is CrAzY! From the get-go, you’ll be confused. Not because you can’t read but because the book isn’t in chronological order,

scrounging at the salvage yard

April 17th, 2009

A salvage yard is an excellent place to find useless crap. This disk was lying in the dirt next to a wrecked car. The yard was filled with tales of woe. The wreck of our Mazda MPV was there and I had to go get some of our crap out of it. Crap like this oozed from cracks in the wrecked cars. All this crap made kind of a snapshot of what the car owners were up to in their lives at the moment of these life-changing collisions. (everyone here is fine, by the way.)

melHeartDiana

take that, dictatorship of things unquestioned

April 16th, 2009

we’re doing some belt tightening:

Dear Kate,

Your Netflix membership has been cancelled, effective 04/16/2009.

Please return the following titles by their specified due dates:

Due Date Title

04/23/2009 The Bourne Identity (2002)
04/23/2009 The Big Lebowski (1998)
04/23/2009 Weeds: Season 1: Disc 1 (2005)
04/23/2009 Weeds: Season 1: Disc 2 (2005)

We hope you enjoyed the service and will consider returning some day.

-Your friends at Netflix