The Underpinnings

So I moved to Princeton

Sun, 28 Jun 2009 06:33:34 GMT

Most of you know that I recently moved to Princeton, New Jersey for the summer. As a native Californian who generally expects all other states to be completely inferior in every way, (not really) I didn't relish the thought of moving, to of all places, New Jersey. Yet my lack of relish was misplaced. While Princeton isn't exactly the most happening place in the world, it certainly looks like it will be a nice place to spend the summer. Instead of desperate urban hellscape that New Jersey's reputation would lead you to believe, Princeton is instead a nice quiet little town that really if anything, is too nice.

For those of you who don't believe, here's some photos of Princeton, you can see for yourselves: http://www.flickr.com/photos/39879310@N02/3667480710/in/set-72157620661940642/

As for why I'm here, I'm working at Fraser Research, which is a small little research firm redesigning the Internet. It's a project that has been going on for quite a few years now and is slowly getting nearer to completion. The design is interesting and may or may not ever see the light of day, but either way ends up being an nifty project to work on. Some pieces of the design are influenced by some of the work that was done at Bell Labs, as that's Sandy's old stomping grounds. Various pieces take into consideration things that usually are never thought about, so those parts end up being fairly fascinating. Overall, I think it should be a fun summer.

On another topic, due to an amusing set of circumstances other than myself, every last person currently at Fraser is British or an ex-Brit. The other three students are from Cambridge and Sandy and his wife both crossed the pond quite a bit back. It's a bit of an odd experience: I traveled to New Jersey and ended up surrounded by British people, which seems amusing enough to note. The bottom line seems to have been that my active vocabulary has shifted to use words like "bugger" much more often than I really expected.

For those of you who don't really care to go through the full stream of pictures I linked to above, here's a few links into the middle of the stream where you can see something more specific:
Pictures of the office: http://www.flickr.com/photos/39879310@N02/3666676329/in/set-72157620661940642/
Pictures of the house: http://www.flickr.com/photos/39879310@N02/3666674929/in/set-72157620661940642/

Oh, also: Tomorrow I visit Manhattan. Perhaps more pictures then.

Reviewing Scientific Papers

Tue, 26 May 2009 01:58:20 GMT

I don't have any sort of claim to vast experience with reviewing papers or even a claim to producing useful scientific papers. Yet, I do have a claim to needing to take a break from a paper I'm reviewing to let my thoughts simmer down into something coherent. In the meantime, I thought I'd jot down a few thoughts on paper reviews. These thoughts aren't unique and it's unclear there's much of a contribution in stating them here, but perhaps a recasting of ideas in different words might inspire thought. (Or not, I keep re-reading this and it seems more rambling and disorganized than thought provoking. One day I'll learn to do drafts of things I write before hitting that submit button.)

Reviewing a scientific paper can be incredibly multifaceted. You can take a paper that demonstrates an amazing piece of technology that provides substantial improvements that the authors have data to back up and end up deciding it doesn't make a very good paper. The reasons why this is so can sometimes be hard to express. Especially to the poor disappointed authors who eventually receive your review and read it carefully for clues on how to vanquish whatever it was that turned you off from the research they've put so much time into.

Sometimes a paper's problem is that while one can take a piece of technology and construct an amazing system that works well in a lab, it can be highly unlikely that system will work well in real life. The thing is, you never know whether this is the problem. No one really has any clue what types of systems nicely transition from a lab to real-life. We all have ideas on which types of things will make the transition, but determining whether or not this is going to be a problem with a particular paper is not easy. Real life and reality have been frequently known to adopt sub-optimal solutions just as easily as they've been known to adopt triumphs of the research community. Completely accurate determinations as to which systems will succeed involve market forces, timing and a bunch of other factors not easily grasped, predicting the likelihood research turns to reality requires a type of foresight we haven't isolated. Since this problem is impossible, publication venues for papers generally base review criteria on the contribution a paper provides.

Generally, this means that in addition to creating a good system, one must bring something new to the table. The standard thought is that a paper that doesn't make some sort of contribution is just about unlikely to turn into reality as the work done before it. So even if the authors end up building a good system, if a very similar system has already been built, or the authors only solve a few simple issues along the way, we generally assume that solving those issues was not the limiting factor preventing that type of technology from finding it's way out into the world and making everyone's lives better. So when you read paper reviews or you end up reviewing papers, you hear a lot of discussion about what the contribution of each paper might be. The magnitude of the contribution, that is—the actual advancement in the paper—is the defining factor that usually determines a paper's ability to get published.

While this might seem to make sense, let me re-emphasize: The value of the paper is in it's contribution. No one cares what amazing things the system does if it doesn't also bring a contribution to the table. There are many papers which have laid out what should be really nice solutions to really pressing problems that never go anywhere because of niggling reasons reality cares about and academia doesn't. Unless a paper can show that they've overcome a specific problem with their system any future papers that build equivalent amazing systems aren't useful contributions to the field and will face rejection.

To make this all just a little more complex is the problem that no one really has a clear idea on what merits a good contribution. The type of contribution a paper might bring to the table is entirely ill-defined and often only begins to make sense through lots of practice. A contribution can sometimes simply be combining things together in a different way that uses some undefinable yet recognizable spark of innovation and/or insight to transform a series of most theoretical papers into a robust and deployable system. Another type of contribution is providing a fundamental building blocks that don't really yield any immediate benefit but will eventually (hopefully) be used by later systems to change the world. There are many other types of contributions. While all the types of contributions are important, everyone has slightly different ideas on how to reconcile the wide variety of contributions into a coherent scheme which dictates what papers are truly important and which are not.

It can be frustrating to end up giving poor marks to systems you think are good while giving good marks to systems you think are bad. But it's about the contribution, not about the system.

The end conclusion? Paper reviews are hit and miss. A lot of papers are easy to review and most people who read them agree on the outcome. Others however, are much less clear. Often I think, the more interesting papers tend to fall into the latter category.

Dealing with security questions

Thu, 07 May 2009 23:19:36 GMT

These days everyone asks you for a question and answer combination to recover a password online. These often stump me... it's fairly easy to find out where I went to elementary school or what my mother's maiden name is. Everytime I have to make a new one of these I'm constantly put into a bind.

The trickiest part of coming up with a good security question and answer pair is trying to meet two criteria that have an annoying tendency to conflict:

The answer to the question need to be something you'll remember or could easily find out.
The answer can't be something anyone else would know or could easily find out.

It turns out, there is something that matches this criteria quite well. That's relationships and—more particularly for those who have one to take advantage of—a sexual history.

Now this isn't for everyone, obviously some people's sexual history is rather well documented on Web 2.0 and/or rather well known by their friends, but even in some of these cases it can at least cause quite a bit of work for an attacker and can be used for low-security low-risk type of Q&A pairs. Your friends often can mess with you in other ways, logging onto your accounts usually isn't one of the ones they care to bother with. But hey, maybe your friends like messing with you. Whatever, it's up to you.

There's obviously one more concern I didn't quite document either that's brought up rather quickly when you get into relatioinships and sex. The question shouldn't be that embarrassing. Sometimes you end up talking about these over the phone to some poor customer service representative and something like "Who did I first go down on under the bleachers of my old high school that one time?" is probably not a question or an answer you really want to share with them. That's just too much information. (By the way, for those wondering: This is not an example of a valid question that matches my history.)

So what types of questions are appropriate?

Well, did you ever have a short lived relationship? Simply asking the question:
"Who came before Xander?" or "Who came after Yolanda?" where either Xander, Yoland or the person who matches the answer to those questions could be the person you were in that short lived relationship with awhile back that your friends probably (and maybe hopefully?) forgot about by now.

Or even: "Complete the series: Xander, Yolanda, ???, Zeta." For those with more, uhm, elaborate histories the series could even be people you only did a certain types of acts with if you don't want it to be a simple chronological listing of relationships or partners.

Things like "Who was my first kiss?" tend to come up in those stupid Internet quizzes a lot, so avoid those. Things like firsts are often interesting information and people not yourself are likely to remember them. The person you kissed is likely to remember whether or not they were your first, they may not remember whether they were your fourth or fifth... so questions like "Who was the third person I kissed?" is much more likely to be something you'll still be able to answer but other people will find much more difficult.

Now these still leave some room for social engineering, but doesn't everything?

So go meet someone new tonight, it's a security issue.

(In related news... security implications of blogging about how you chose your security questions online? Probably not the best thing to do, leave it to the professionals.)

SCADA Systems

Wed, 08 Apr 2009 16:50:37 GMT

I recently sent a message out to the security research list at UCSD because we've been discussing SCADA systems lately. I thought I'd go ahead and post a variant of the message to my blog.

Before I jump into the body of the message I should probably mention that SCADA is a loose classification of a bunch of different types of systems that deal with industrial controls on private utility networks (among others). When people talk about hackers infiltrating the power grid and scream about the national security implications of something like that, these are the systems they are referring to.

So we've been talking about them. A lot of the security problems around these systems aren't that interesting, but the systems are important so what interesting problems there are with these systems are quite interesting. Here's part of what I wrote:

I recently found some SCADA boxes and got my adventuring companion to take a few pictures of them with her iphone. (Didn't have a camera on me.) I thought a few of you might be interested in the security you might find at these outlying sites.

The particular site we ended up seeing was the Black Mountain site which mostly contains cell antennas. It's easily accessible—you just climb the mountain—but it's remote enough where it's not closely monitored. Certainly if you snuck up there at night you could probably do anything you wanted. I didn't see any cameras either. The site looks like this:

The SCADA systems are nicely labeled:

And are protected with only the finest and most cutting edge security solutions available for under $20 at your local home depot:

(For those of you who don't like picking locks, a pair of metal cutters would do the trick equally well.)

The SCADA boxes aren't even located within any of the locked cages, but to get inside those isn't hard either. This was the typical lock configuration. Talk about the weakest link:

I was perplexed for some time on why they set things up this way and finally realized that they've got a bunch of different organizations using these sites and no common key distribution, so each organization just puts their own lock on the chain and that way each org's field maintenance people can get in without having to coordinate with the others.

I found it slightly amusing that I could throw a lock on there between the two links before their sets of locks and mess up their entire system. One wonders how long it would take before each organization to have their access restored to the site as they'd have to cut the chain and then redeploy each org's locks on there. It doesn't seem like they talk to each other all that well. Of course they could try cutting the lock, but I'm sure you could put a lock on there that would make them opt to cut the chain instead.

You'd think there'd be enough crazy "oh no cell phone towers are killing our children and making my back ache" people out there that you'd get a few who'd want to lock repair people out of these facilities, but I guess this type of attack just isn't that common...

Anyway. I didn't try hooking into any of the SCADA systems. (I didn't have a laptop with me either, this was a spur of the moment hey what's that on that mountain there, let's go climb it and see type of thing. Usually I'd have a small amount of equipment hanging around in my car, but she drove so I didn't have access to that.) So, I can't say for sure how easy it would be to enter their network here, but if you were looking for a place, this is one of many.

We probably have a few on campus too in the facilities complex if anyone wants to take a look.

Interesting thing to note

Wed, 25 Mar 2009 03:20:40 GMT

Nuclear reactors could also be used as desalinization plants.

Using cmake

Fri, 20 Mar 2009 21:51:20 GMT

So today I decided to use cmake for one of my projects. I'm not entirely convinced it's going to save the world yet, but I'm convinced that I should give it a try. qmake is one of my favorite build systems and this seemed like the closest thing that didn't actually require installing qmake. (Which on most distributions still isn't packaged separately from Qt and while I like Qt, requiring it to generate makefiles is a bad plan and a good way to annoy anyone who doesn't already have Qt installed.)

So I dove into cmake. It's reasonably similar to qmake, if a bit more ugly. I usually start out most qmake projects with the "qmake -project" command which stares at the files you have and generates a little basic project file. Then you modify this to make it do what you actually want. cmake doesn't have such a thing by default, so my advice is to do this:

$ wget http://websvn.kde.org/*checkout*/trunk/KDE/kdesdk/cmake/scripts/gencmake $ chmod +x gencmake $ mv gencmake ~/bin $ cd ~/projects/projectname $ gencmake

gencmake has now taken its place as yet another vital script in my ~/bin directory. I hope some of you find it as useful as I did.

So an alternative to blogging

Wed, 11 Mar 2009 18:12:58 GMT

So I haven't been blogging much, but for sharing small inane things I've been using tumblr a bit:
http://djcapelis.tumblr.com/

Not that I've been using that much either, but for those of you who use RSS readers and want more things to aggregate, here's a low-traffic median on which I occasionally link to random things I encounter on this Internet thing.

Shooting yourself in the foot: a case study

Mon, 09 Feb 2009 17:36:06 GMT

This is me complaining about this particular item of news:
http://tech.slashdot.org/article.pl?sid=09/02/09/1348255

This is dangerous. First off, it's ineffective because someone will just create a program that manually loads other programs into its own address space and does co-operative multiplexing between them. While this type of program would actually be fairly easy to create, it causes large changes: This is just going to result in desperate users pushing the identity of a process outside of the control of the operating system into an annoying userspace app. Users will gladly cast aside memory protection and pre-emeption to do this type of thing... it doesn't immediately effect them.

There's two ways this can play out:
1) Microsoft places a limit on fork() (I can't remember the Win32 equiv, but it's there) and forces three applications to actually mean just three processes.
2) Microsoft doesn't place a limit on fork() and everything I said above is null because the one app actually will be able to give memory protection, process identification and pre-emeption abilities back to the OS. Then it turns out Microsoft's restrictions are completely useless and can be nullified by one little small program that re-implements the OS loading code. If it goes ahead and does the right thing to hook the syscalls on the system it'll even be able to do this transparently and getting around these restrictions will be as simple as double clicking on the installer.

It's times like this I almost wish I did a little windows development just so I could write this application and show them how ridiculous restrictions like this are.

In short, the choice Microsoft says they'll be making for monetary and marketing concerns either ends up doing nothing at all except providing an annoyance or provides their end-users with a more dangerous operating system environment that neuters their own OS while still not effectively providing a limit on the number of concurrent codebases running on the computer.

Your turn.

Hmmm... does anyone know what this means?

Tue, 03 Feb 2009 19:52:30 GMT

Anyone know what this means?

[  118.830022] ------------[ cut here ]------------
[  118.830026] WARNING: at drivers/gpu/drm/i915/i915_gem.c:2470 i915_gem_idle+0x179/0x341()
[  118.830028] Modules linked in:
[  118.830032] Pid: 5377, comm: X Not tainted 2.6.28.2-DJC-AES #5
[  118.830034] Call Trace:
[  118.830041]  [] warn_on_slowpath+0x51/0x6d
[  118.830046]  [] lapic_resume+0x171/0x1fc
[  118.830051]  [] _spin_lock_irqsave+0x23/0x2a
[  118.830056]  [] lock_timer_base+0x26/0x4b
[  118.830060]  [] try_to_del_timer_sync+0x46/0x4f
[  118.830064]  [] i915_gem_retire_requests+0xf2/0x114
[  118.830068]  [] i915_gem_idle+0x179/0x341
[  118.830071]  [] i915_gem_leavevt_ioctl+0x0/0x35
[  118.830075]  [] i915_gem_leavevt_ioctl+0x14/0x35
[  118.830079]  [] i915_gem_leavevt_ioctl+0x0/0x35
[  118.830083]  [] drm_ioctl+0x1d2/0x260
[  118.830087]  [] vfs_ioctl+0x55/0x6b
[  118.830090]  [] do_vfs_ioctl+0x373/0x3ae
[  118.830095]  [] vfs_write+0xcd/0x102
[  118.830098]  [] sys_ioctl+0x51/0x70
[  118.830102]  [] system_call_fastpath+0x16/0x1b
[  118.830105] ---[ end trace 3a06ac7332c964b0 ]---
[  118.873541] mtrr: no MTRR for 80000000,10000000 found

xf86-video-intel version 2.6.1, libdrm version 2.4.4, kernel 2.6.28.2, Xorg 1.5.3-r1 (gentoo's patchset) configured for UXA.

Configuration:

aes ~ # gunzip -c /proc/config.gz | grep -i drm
CONFIG_DRM=y
# CONFIG_DRM_TDFX is not set
# CONFIG_DRM_R128 is not set
# CONFIG_DRM_RADEON is not set
CONFIG_DRM_I810=m
# CONFIG_DRM_I830 is not set
CONFIG_DRM_I915=y
# CONFIG_DRM_MGA is not set
# CONFIG_DRM_SIS is not set
# CONFIG_DRM_VIA is not set
# CONFIG_DRM_SAVAGE is not set

aes ~ # gunzip -c /proc/config.gz | grep -i mtrr
CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=1
CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1

aes ~ # xrandr -q
Screen 0: minimum 320 x 200, current 2624 x 900, maximum 2624 x 900
VGA connected 1024x768+1600+132 (normal left inverted right x axis y axis) 304mm x 228mm
   1024x768       60.0*+   75.1     75.0     70.1     60.0*
   832x624        74.6
   800x600        72.2     75.0     75.0     60.3     56.2
   640x480        75.0     72.8     72.8     75.0     75.0     66.7     60.0     59.9
   720x400        70.1
TMDS-1 connected 1600x900+0+0 (normal left inverted right x axis y axis) 443mm x 249mm
   1600x900       60.0*+   60.0
   1360x765       60.0
   1280x800       60.0
   1152x864       75.0     75.0
   1280x720       60.0
   1024x768       75.1     75.0     70.1     60.0
   832x624        74.6
   800x600        72.2     75.0     60.3     56.2
   640x480        75.0     72.8     72.8     75.0     66.7     60.0     59.9
   720x400        70.1

aes ~ # glxinfo | grep -v GL | grep -v extensions
name of display: :0.0
display: :0  screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.2
client glx vendor string: SGI
client glx version string: 1.4

   visual  x  bf lv rg d st colorbuffer ax dp st accumbuffer  ms  cav
 id dep cl sp sz l  ci b ro  r  g  b  a bf th cl  r  g  b  a ns b eat
----------------------------------------------------------------------
0x21 24 tc  0 32  0 r  y  .  8  8  8  8  0 24  8  0  0  0  0  0 0 None
0x22 24 dc  0 32  0 r  y  .  8  8  8  8  0 24  8  0  0  0  0  0 0 None
0x69 32 tc  0 32  0 r  .  .  8  8  8  8  0  0  0  0  0  0  0  0 0 None

This seems like maybe a configuration issue and not an actual bug... but where do I even look for information about something like this?

Of course, X works... just not terribly well and the last part is definitely a problem. (The part showing no acceleration enabled whatsoever as reported by glxinfo... glxgears gets to about 60FPS when I get lucky and otherwise goes to hell.)

Random gripe only vaguely correlated: The manpage for genkernel does not match the actual tool. The person who changed the tool without updating the manpage for it should be summarily whipped. Bad bad bad to change the command line options on a tool for no apparent reason and then not even update the documentation or leave behind stubs that say "X is deprecated, it's now Y" when the old switches easily map to new ones. Who the hell taught this team how to make a tool? I swear to god as soon as dracut gets just a bit more ready I'm switching to that to make my initrds instead of using genkernel. (Making initrds is the only thing I use genkernel for at the moment now anyways.)

Yet another metric

Mon, 19 Jan 2009 04:05:56 GMT

These are R&D Expenditures in CS and EE for FY2006 according to the NSF. I combined these because it doesn't actually make sense to do them separately. You just get whacky results if you do that, like lists that don't include Berkeley or U Washington or a list that shows CMU and MIT doing terribly. Now I really don't particularly care if someone gets a bunch of data for materials synthesis for nanoelectronic fabrication techniques, there's a lot of other things within CS that I also don't particularly care about. It would be nice if I were to pull more specific funding numbers for say, specific NSF programs like Cybertrust ranked by institution, but I haven't gotten around to it.

What I did here is I grabbed everything that was over 10 million/yr in expenditures on each of the CS and EE lists and then combined them to create a composite index of combined EECS spending. (Which is why none of the programs below $20 million have a combined rank, because I didn't combine the full sets.) I also included a few different institutions I found interesting just for kicks including most of the UC system and a few ivies along with some more random ones. A few of them have comments about their YOY trends (which are present on the CS numbers only for this analysis) including departments that look like their funding generally is unstable and problematic or departments that are on upward or downward trends or appear to have just landed or lost one large grant.

Dollars in thousands:

Overall Funding Rank	CS Funding Rank	EE Funding Rank	Institution	CS Funding	EE Funding	Combined Funding
1	4	1	JHU	70,268 (less than 10%+/- YOY for 4 yrs)	133,026	203,294
2	7	2	Georgia Tech	47,560	114,330	161,860
3	1	19	CMU	117,865	20,626	138,491
4	3	9	University of Illinois, Urbana Champaign	81,675 (Large YOY decrease)	39,819	121,494
5	2	15	University of Southern California	93,573	24,539	118,112
6	5	5	University of California, San Diego	64,466	50,185	114,651
7	11	4	Pen State System	32,371	62,257	94,628
8	8	10	UT Austin	41,897	37,600	79,497
9	6	14	MIT	49,500	28,701	78,201
10	NR	3	University of California, Berkeley	NR	74,978	74,978
11	9	21	University of Maryland, College Park	37,605	19,857	57,462
12	13	12	Stanford	21,922 (Persistent YOY increases)	31,938	53,860
13	10	22	Ohio State System	33,693	16,211	49,904
14	29	8	Virgina Tech	10,032	39,819	49,851
15	12	26	Cornell	28,091	14,372	42,463
16	43	11	Purdue University	8,232	34,201	42,433
17	26	13	University of California, Santa Barbara	10,671	31,081	41,752
18	NR	6	University of Michigan System	NR	41,133	41,133
19	NR	7	Utah State System	NR	40,972	40,972
20	19	18	University of California, Los Angeles	15,992	21,426	37,418
21	27	16	Arizona State University, Main Campus	10,409	23,949	34,358
22	16	31	University of Massachusetts, Amherst	17,404 (less than 10%+/- YOY for 4 yrs)	11,575	28,979
23	25	24	University of California, Irvine	11,699	15,223	26,922
24	21	35	University of Wisconsin, Madison	14,454	10,793	25,247
25	18	NR	University of Minnesota System	16,606	7,799	24,405
26	NR	17	University of Washington	NR	22,874	22,874
27	30	30	Princeton University	9,779	12,903	22,682
28	37	29	Brown	8,839	13,459	22,298
29	14	NR	University of Hawaii, Manoa	21,252	NR	21,252
30	51	28	Drexel University	6,763	13,729	20,492
31	28	36	Clemson University	10,226 (5x YOY increase?!)	9,910	20,136
32	68	25	North Carolina State University System	4,907	15,124	20,031
NR	NR	20	Vanderbilt University	NR	19,924	19,924
NR	59	27	University of Arizona	2,285	14,283	19,786
NR	20	NR	University of Utah	15,020	3,147	18,167
NR	15	NR	University of Chicago	18,144 (Big YOY increases lately)	NR	18,144
NR	61	34	University of Florida	5,479	11,329	16,808
NR	22	NR	University of Illinois, Chicago	12,594	4,184	16,778
NR	17	NR	Oregon Health and Sciences University	16,702	NR	16,702
NR	44	NR	University of California, Davis	7,795 (Big YOY increase)	8,372	16,167
NR	NR	23	Northeastern	NR	15,976	15,976
NR	36	NR	Caltech	9,136	6,430	15,566
NR	73	32	Duke University	2,285	11,570	15,497
NR	42	NR	SUNY Stony Brook	8,366 (Large YOY fluctuations)	6,692	15,058
NR	87	33	Rensselaer Polytechnic Institute	2,285	11,367	14,446
NR	23	NR	Indiana University System	12,397	NR	12,397
NR	24	NR	University of North Carolina, Chapel Hill	11,764	NR	11,764
NR	69	NR	Dartmouth	4,821	5,943	10,754
NR	99	NR	University of California, Santa Cruz	2,285	4,632	6,917
NR	67	NR	Yale	4,940	NR	4,940
NR	100	NR	University of California, Office of the President	2,243	NR	2,243
NR	NR	NR	Just for Kicks, UCSD + UCB + UCSB + UCLA + UCI + UCOP	NR	NR	304,881

University of Hawaii, Manoa seems to have come out of nowhere... I'm really surprised they're raking in as much money as they are. It would be interesting to see what grants are currently outstanding with them...

For those wondering why U Washington is so low... I would guess that it might have to do with proximity to a certain alternative computer science funding source around the Redmond area. Why bother with federal funds when you can just walk across town and ask for a check?

Curiosity, it just doesn't stop.

Sun, 18 Jan 2009 19:39:50 GMT

So someone on a forum suggested that something weird seems to have happened with the AS elections and the votes in favor of the referendum plus those against didn't add up to the total. In addition, the turnout numbers seemed remarkably high given the usual apathy of our student body. While I strongly doubt the university intentionally altered the results and even doubt that the university accidentally had an error in the software they used to collect the votes of the students on campus, I couldn't state for certain that this was not the case. This bothered me.

So this morning I sent the following:

From: D.J. Capelis
To: (easily determined, but I'm removing this information anyways.)
Cc: (easily determined, but I'm removing this information anyways.)
Subject: Public Records Request: Source Code for Recent AS Election
Date: Sun, 18 Jan 2009 11:25:51 -0800

Hello,

This is a public records request under the California Public Records
Act, which as I'm sure you're well aware, occupies sections 6250 though
6270 of the California State Government Code, inclusive.

This request is being sent to the official e-mail address of the campus
public records coordinator and is being cc'd to (edit) in
case the university feels that this request relates to student records.
Arguably, the relation is tangential, but for completeness I'm opting to
notify this individual as well as requested by
http://adminrecords.ucsd.edu/IPARecords/Index.html

The information I am seeking for disclosure of is any and all computer
applications (in the form of electronic source code) that tabulated,
counted, computed, validated or authorized the votes in the recent
Associated Student Fee Referendum held earlier this month. I am not
seeking the release of any individual student information, votes,
records or logs at this time, but simply wish to audit the source code
involved in the processes listed above.

I welcome any assistance your office wishes to provide me in creating a
narrower or more focused request as provided by section 6253.1 of the
government code. I would like to also reiterate that I am requesting
these records in an electronic form as provided by Section 6253.9 of the
government code.

If your office deems that these records are not required to be released
under the California Public Records Act, I would respectfully remind you
that several portions of section 6254 of the government code explicitly
state that the university is allowed to release records it is not
explicitly required to release under the act. I would encourage you to
do this as the public interest is best served by transparent and
auditable elections and the university should be a champion for
increased transparency. Further, release of these records allows the
university to alleviate suspicion, however small and insignificant, of
misconduct or inadvertent error during the voting process.

Further, if the university ends up denying this request for release of
records under the terms of this act, I would be happy to accept the
records under different terms. If these alternate terms were to
including requirements which prevent me from disseminating the actual
records themselves, this would be acceptable so long as the terms do not
prevent me from disseminating the results of my audit. (The university
will of course, be provided with a copy of the audit and terms which
would allow the university to request I not release the audit publicly
for up to 30 days after the university receives it would also be
acceptable, though unfortunate.)

It seems to me that the university could only benefit from this as I
have been employed within positions of the university where I had far
greater access to such data and have been called upon to audit source
code in the past. You would in fact, be receiving my work for free in
this instance as well as serving the public interest and clearing up
doubt around an elections process. Electronic voting is an area of
increasing public concern and having a third-party audit and report
their results would only provide benefits to the university. I would be
happy to provide the university with a summary of my qualifications and
if necessary, affidavits from researchers who have been involved in such
reviews at the state and federal levels which would testify to my
qualifications to perform such an audit.

Respectfully,
D.J. Capelis

I'm expecting them to deny the request in whole under several sections of the act and opt to pursue none of the alternatives I outlined for them. But I figured I'd at least give them an opportunity to say no.

An "old" project

Sat, 17 Jan 2009 23:52:54 GMT

Last year in CSE 240B (UCSD's graduate level parallel architectures course) I took the opportunity to design a new ISA for my final project in the course. I've always disliked the fact that ISA design is no longer a field of research anymore and so I started off with ambitious goals:

The fundamental principles of ISA design have remained the same for decades. The gigahertz wars of the 1990s adversely impacted ISA design. During this time, ISA design has been stagnant. Yet with the rise of multicore platforms, this is starting to change. We are seeing active research on dataflow architectures and ISAs which have been forgotten for years, if not decades. This makes today an exciting time to be an ISA designer. This project tried to re-capture some of the spirit of the original ISAs and create something rather different, whacky and perhaps a little fun.

In reality, the ISA I designed has the following properties:

It's truly atrocious to try and program with
Portions of it are completely unwise and infeasible to implement in hardware
Some of it is just not well thought out

That said... it's a very interesting project and contains some things are a bit strange:

(That should really say "instruction stream" and not "process" under the "kill" instruction there... did I mention this paper was hastily written for a class project during finals week?)

Some of the fundamental ideas *or* vaguely interesting results:

Treat data like code and code like data. (Arguably I didn't go far enough with this and should have looked at making the data implicit and not via registers... not sure how this would have ended up working though...)
MIMD on the instruction set level
Bring loops into hardware
Loops sometimes easily transparently decomposed onto multiple cores
Modular instruction set designed to support heterogeneous manycore architectures
Automatic core migration based on available capabilities and functional units
Native and "fast" hardware synchronization primitives via wait/kill (which is arguably just a weird implementation of free/busy bits)
Extremely small set of core instructions

Naturally, I implemented exactly none of this functionality in hardware and this was more of a fun thought exercise than anything else.

The presentation on the project can be accessed here and the hastily written final project report can be accessed here.

I'm not sure if any of this actually makes sense if you were to try and just read the documents I've posted, so feel free to e-mail me if it doesn't.

Reposted with minimal comment

Fri, 16 Jan 2009 00:05:39 GMT

This was a message posted to the university's system administrator's list today. I agree that it symbolizes a notable shift and felt the need to repost it here.

With no additional commentary, the first part of the announcement is as follows:

ACS/Software Distribution started in large part about 20 years ago to support
the Sun Software consortium. Today I got word that Sun is no longer offering the
sunsolve software support contracts such as we have had. So 1/31/09 when our
current contract ends, will mark the end of an era.

The large movement to the free distributions of Solaris and tools such as MySQL,
and xVM Virtual box (http://www.sun.com/software/) seems to have marked the end to
the need for paid OS updates and such as we have historically provided.

The UC system agreement that currently ends 04/25/2009 (with probability of
renewal), is a baseline price schedule agreement for all Sun Hardware, Software,
and Data Storage from Sun and what was StorageTek (The separate StorageTek
agreement was merged with the sun Agreement). This does not include any specific
software or support activities, just the discount structure from their list
prices. But we do plan on keeping our discount agreement going system wide.

What replaced the sunsolve OS support? Sun now sells OS support priced by the
"Socket", (not the cpu core). The details on Solaris Subscriptions (pricing per
socket) are detailed at:

http://www.sun.com/service/subscriptions/prices.html

This support can be acquired for either purchased Solaris, or OpenSolaris, to get
access to non-public patches and such for Solaris 7 and later as I read it.

Other software service plans are detailed at:

http://www.sun.com/service/serviceplanssoftware/index.jsp

And software support information specifically specifically starts at:

http://www.sun.com/software/index.jsp

Looking back

Wed, 07 Jan 2009 09:21:50 GMT

There's a point after you start a project where it takes on a life of its own and you are no longer the sole force in the world keeping it alive. A lot of open-source projects never actually reach this point and many project sites like sourceforge are littered with projects you've never heard of that died because their main developer stopped working on it.

This isn't a bad thing and we've all had a few projects like this. It's just part of the natural ebb and flow of software development.

Tonight I looked at all the projects I started and tried to find the first one that reached this point. The answer, as it turns out, is a modest plugin I built for mediawiki a few years ago: http://www.mediawiki.org/wiki/Extension:Shibboleth_Authentication

I think this might have been the first complete piece of software that I was able to take from idea through implementation and end up at a point where today, I rarely even know what the current version number is. I no longer fix any bugs on the project and my last change to the source code was to change the comments at the top of the file to indicate that I was no longer the maintainer.

Now this isn't that the projects I've left all died, I've been part of plenty of successful projects that carried on just fine when it was time for me to leave. Before this I had also had code I developed independently for things survive me before, but usually because it was integrated into a larger project and a larger developer community took ownership of it. This plugin seems to be the first instance I can remember where the project I wrote ended up with enough of a community where an independent project I started kept going after I left it while staying independent.

Anyone else want to share what the first project you started that didn't die when it was time for you to move on?

(Your answers don't have to be confined to open-source projects, but if it's a project from within a software company it really should be about a project you actually started, designed, implemented and drove yourself.)

It was easier than setting up a mailserver...

Fri, 02 Jan 2009 12:01:20 GMT

Okay, so maybe this is not the best way to "prove I have an ipv6 enabled mailserver" but it was definitely a way.

djc:~# nc6 -l -p 25 220 ipv6mail.capelis.dj HELO ipv6.he.net 250 Hello! MAIL FROM: <ipv6@he.net> 250 ok RCPT TO: <ipv6@ipv6mail.capelis.dj> 250 ok DATA To: From: ipv6@he.net Subject: IPv6 Certification Mail Test Please insert the following code into the website at http://ipv6.he.net/certification: XXXXXXXXXX . 250 ok QUIT

Type fast to avoid a timeout. :)

(Also it's a little confusing because netcat actually never tells you when someone's connected, so just assume a connection happens after you press the send button.)

Also does this mean I now *am* an IPv6 complaint MTA? Like personally?

Sometimes...

Fri, 02 Jan 2009 07:43:17 GMT

So since I have no idea what's actually going to happen with my life in six months combined with the year rolling over and bringing on what can sometimes be a problematic period of self-reflection... I made one of these:
---------- 1 djc djc 695 Jan 1 23:38 /home/djc/docs/planb

So, with that taken care of, I can get back to other things.

(And yes, actually having something written down, even if it's only 695 bytes of a plan, does actually make me feel a lot better. It's not even that good! It doesn't have to be, that's not important. It just needs to exist.)

Research highlights for the year

Thu, 01 Jan 2009 01:03:47 GMT

Sometimes it's nice to take an opportunity to just take a look at what you did in a year, so here's my research highlights for the year:

I invented escalation accounts with pam_escalate.
I re-invented the session layer with fived.
I re-architected virtual memory with AppSheath.

Not too bad.

Lots of implementation work to do still though.

Cholesterol Screening

Mon, 29 Dec 2008 11:00:50 GMT

Now that I'm back in San Diego, I can compare my results from my cholesterol tests with the previous ones and actually see what's causing this still in range and totally fine but monotonically increasing cholesterol number.

Here's what I was worried about:

So while none of the scores are that high (200 mg/DL is borderline) the trend certainly is slightly worrying and I was slightly concerned that if this continued I was going to be having to worry about my cholesterol by the time I was 25.

But it turns out, a lot of the increase in my total cholesterol since last time was actually my HDL rising:

HDL is supposed to be "good" cholesterol... (Under 40 is bad, above 65 is good.)

And the LDL has been mostly stable since the last test:

(Under 100 is good, under 130 is okay, above is borderline to high.)

And the triglycerides account for the rest of the jitter in the data:

(Anything below 150 is fine)

But mostly this is an opportunity to have fun with Google's chart API.

(For those just tuning in, my family has a history of heart disease and I'm overly cautious in checking my cholesterol so I can continue my steak, sugar and eggs diet without worry.)

60 Senate Seats Would Have Been Bad

Wed, 03 Dec 2008 13:29:31 GMT

I think Democrats can all breathe a sigh of relief now that, as of Georgia's runoff, there's no possibility of them reaching 60 senate seats this cycle.

The wild idea of getting 60 senate seats was an incredible goal that everyone wanted mostly because that's the next threshold after 50. I'm not sure how many people actually carefully considered whether it would be desirable to have exactly 60 democratic senators, placing the entire government in democratic control only if the democrats had immensely strict party unity.

That last part is the problem. There had been reports for a long time now from Washington insiders which basically indicated that anything over 57 seats was going to be enough to break almost all filibusters. The idea that the party in the majority can't find 3 people to cross is kind of ridiculous, the idea that democrats can't find 1 or 2 is even more so.

So 57 is enough to actually get almost any kind of legislation through. Why would we want 60?

It turns out, 60 senate seats would have been the one of the most dangerous things that would have happened to the Democrats this election. Consider the power dynamics of 60 seats. First off, since the Republicans are mostly powerless, they'll be huddling in a corner feeling totally attacked and will vote with a surprising amount of unity that might be unlike anything we've seen in the Senate before. See the California State Legislature where this type of behavior occurs every summer.

Second, the 60 seat majority means every single Democratic senator has an immense incentive not to vote the party line. Even a threat of voting against filibuster would allow a Democrat to force concessions, add pork, do whatever to reign the individual senator back in. At exactly 60 votes, the Democrats just don't have enough senators to spare to discipline anyone. (See for instance, what happened with Lieberman. (I-CT)) This means that at 60 seats the democratic party, far from being unified for change, instead consistently fractures, deals with internal fighting and united Republican party. Bipartisanship happens only for stasis and never for change and herding cats in the Senate becomes Obama's largest job. Not fun.

Third, at 60 seats, everytime the Democrats lose a filibuster on an important piece of legislation... the public is going to see it as the Democrat's failure to govern. At anything less than 60, you can still blame republican obstructionism, even when it isn't. The Democrat's next step needs to be able to get to 63 in 2010 to avoid these problems, so they can't afford any bad PR while they're in power.

Fourth, the Republicans being at 42 or 41 seats is going to fracture their party just as much or more than the democratic party would be fractured. Their party is already doing very badly because of the national elections, but the demographics in the Senate will help amplify the larger battle for the GOP's soul and hopefully split the entire party. Each Republican senator will have a huge incentive to defect and vote for cloture. The Democrats can add gifts to the bills at random, the Democrats can ask for votes that are politically problematic to filibuster (See SCHIP) and the every single time a Republican defects he can do so claiming that he's a leader in the new era of the bipartisan push for change. On politically popular items, that's going to be a big incentive for any Republican to tell their own party to go to hell.

Summary: At 58 or 59 seats, any bipartisanship in the Senate leads to change. At 60 seats, any bipartisanship in the Senate leads to the status quo. Which do you think is more appropriate given our President-elect?

So while I don't like Chambliss (R-GA) as a person or even as a senator, I'm quietly glad he won. It means Republican party fractures instead of the Democratic party. While it's mean to want either of them to fracture... I know which side I'd prefer to have an incentive to screw their party and cooperate.

For anyone who'd prefer just to read political commentary: Just the political entries of my blog - Feed with politics entries only Don't yet have nice links for anyone to use to *exclude* political commentary though.

TripLog - Silicon Valley - Sept 4th

Mon, 01 Dec 2008 14:24:55 GMT

This is part of my continuing series where I recount my trip in September instead of doing the work I need to do today.

(The tense continually switches while I write these for reasons I haven't quite figured out, please try not to let it annoy you too much. Still trying to work out the whole active writing that still allows for brief asides from the present to plop into the middle of the text when needed issues.)

This is the second entry in the series of entries on my trip. You can follow the whole series here

Recall from last time
At this point I've just gotten into the Bay Area and crashed at the aptly named Chez Fun, where IPv6 internet, spare couches and a few of my friends are all easily accessible. Having gotten into town around 6am, I went inside and passed out on a couch rather quickly.

Sept 4th — Around 10:30am
After 5 hours of what seems to be satisfactory sleep, I wake up to an unfamiliar ceiling in the middle of silicon valley. I'm surprisingly oriented and after an attempt at getting my bearings, am in the car driving towards Stanford.

The night before, I had printed out directions on how to get to Stanford, a campus map and a few names of some professors that appeared to be doing interesting work. Since I was in the area, I figured I might as well stop by and see the school and maybe bother a professor or three. Since this was the closest to where I was staying, I figured it was a good place to start.

After wondering a bit on the campus, having made the foolish mistake of assuming that the top of the campus map would point north, I finally find my way to the Gates Computer Science building. As it turns out, this was not nearly as helpful as I hoped it would be. None of the professors I wanted to talk to were in their offices. It was break for them, so this wasn't entirely surprising, but still disappointing. On the upside, I take the chance the see the campus and the offices of a few people of note. Walking around the building and seeing some of the names on the doors was fairly interesting.

Having mostly failed to do anything other than give myself a tour of their campus (which I found interesting enough to make the trip worth it) I go ahead and get online briefly to reconnect with my friends in the area.

Sept 4th — Ten minutes after Noon on #sdcolleges
12:10 < DJCapelis> HA! 12:10 < DJCapelis> I couldn't get on the wireless here... but I found an old sun workstation. 12:11 * DJCapelis doesn't have a real console emulator 12:11 * DJCapelis needs to change his password on his workstation :( 12:12 * DJCapelis is at stanford 12:12 < Tautoz> stanford? 12:12 < Tautoz> what are you doing at stanford? 12:13 < numist> DJCapelis: at home I have an open AP with the SSID: 12:13 < numist> should work fine on the desk-side of the house 12:13 < numist> Tautoz: he's here for the Graton Invasion 12:13 < Tautoz> well, yes 12:14 < Tautoz> oh, right, it's up by where you guys live 12:14 < numist> it's walking distance, yeah 12:14 < numist> although, when I left there were no cars at Chez Fun, so he probably drove 12:15 < DJCapelis> I did, I parked at the hospital 12:16 < DJCapelis> I decided to bother some people here and see what I could see 12:16 < DJCapelis> no one is in their office :( 12:16 < DJCapelis> On the upside, I found Knuth's office. 12:17 < DJCapelis> btw, Tautoz... lunch? 12:18 < Tautoz> DJCapelis: I carpooled, so don't have a car 12:18 < DJCapelis> I do

And so it was settled. I arrive about an hour later at Yahoo, where Tautoz is working. We run out to a nice Pakistani place in the middle of the Valley and have a good lunch. When we get back to Yahoo, Tautoz is nice enough to show me around a bit. It's an interesting campus and I can see where it gets a reputation on being one of the companies that define the traditional working environment in Silicon Valley. Many are remarkably similar to each other. Yahoo's rendition is pretty good.

Before I leave Tautoz, we call a mutual friend and let him know we were coming to dinner. I make some plans with Tautoz for him to skip his carpool and we plan for me to come back later and grab him for dinner after he's done with work.

After saying goodbye to Tautoz, I grab my map and see which of my friends is working closest. I make a phone call.

Sept 4th — A little after four
I pull up in one of the myriad of Cisco's many parking lots and try and figure out where I am. Cisco opts for the "many small buildings (and by small I mean four story buildings) scattered about over a bunch of land" approach to building office space and so it can be a little disorienting to figure out which building it is you need to go. The other thing that's odd about the campus is while you walk around, you notice almost everyone is Indian. No one seems to be exactly sure why that happens at Cisco, but it is interesting nonetheless. After clarifying with my friend which building he works in, I take off towards his building and arrive in the lobby.

I get a visitor's badge (needed one at Yahoo too) from the receptionist, my friend arrives downstairs, signs me in and we're off. Being both a prick and a security guy, I do what any security person would do when given a visitor's badge and put it out of sight in my pocket. My lack of badge did not cause a stir, or even a glance, through our entire visit. In my experience, this was fairly typical of most Silicon Valley companies where they require a visitor's badge at the perimeter but do little once you're inside the doors.

It seems to be a reasonable enough approach. The only exception to this was Apple and VMware, which each represented the "we really care about building security" and the "we don't care about building security" extremes of the spectrum. I'm still not sure which is the approach that makes more sense, there's certainly an attractiveness to the VMware open environment and one wonders if the cost/benefit of what Apple does is really worth it. That said, these environments probably are the right choice for each of these companies as they have some different kinds of needs and attitudes towards secrecy in general.

Anyways, since my friend happened to be working in the core routing group, the story picks back up in the server room for his floor: Racks stretch across the entire expanse of the room just full of routing equipment, which perhaps makes it more of a router room than a server room. I stare at the amazing number of differently colored fiber cables just strewn about the place. While the room isn't exactly disorganized... it's clear they use the place.

My friend shows me the equipment his project and as we're walking down the racks I turn to him and ask "hey are those HFRs?" They were. Two HFRs just sitting there, side by side. They weren't the only pair in the room. For those of you who haven't clicked on the wikipedia article the link points to, the official name for the router is "Carrier Routing System" but the codename is much more simple, and apt: HFR, or Huge Fucking Router. The marketing group vehemently disagrees and says it stands for Huge Fast Router. Sure.

Anyways, that was one of the most impressive rooms I've ever set foot in.

After chatting a little bit more about what it was my friend was actually up to all summer, I leave about an hour after I came and wandered back towards Yahoo to pick up Tautoz.

Sept 4th — Dinnertime, San Jose
Tautoz, a San Jose native, guides me through a dizzying number of surface streets to reach downtown San Jose from Yahoo without actually going on any freeways. We arrive at Ben's place in time for dinner. After knocking on the door, we're shown in, get a small tour and meet their new puppy. As new puppies are prone to do, it's both loud and quite cute. I have to say, it was pretty interesting to see my friend in an apartment, with a puppy and a boyfriend. He transitioned from college student to stable adult pretty damn fast.

So then we went out to dinner in Japantown. We pick a place that Tautoz and Ben agree on, so the fact that the place was good was hardly a surprise. We all have an excellent dinner and after dinner walk back to their place and continue discussing random topics for awhile. We eventually part, I drive Tautoz back to his place and end up back at Chez Fun for the night.

I get online, get a little bit of work done and finally get my second full night of sleep for the week. (September 4th was a Thursday, for those keeping track.)

Possibly inane self-reflection

Fri, 28 Nov 2008 21:22:09 GMT

I've never liked New Year's resolutions. I understand the attractiveness of them, I understand why they're something people sometimes do, but I think people's track record of success with accomplishing their New Year's resolutions speaks for itself.

Today is named black friday. One interpretation of this name is that this is the day of the year that stores, which had been losing money for the year, first became profitable for the year. The merits of this interpretation aside, the idea is an interesting one. The kernel of the idea is that it's the period between now and the end of the year that stores would end up deciding how much profit they were going to earn for the year. Everything they had done up to this point put them in a position not to lose money, but only the last days of the year determined how ahead they'd end out the year.

This year, this period is 34 days long. 34 days from now, the year will be over. You'll have a "fresh" beginning and a new year to define, but this year will be over.

In other words... there's only 34 days left to do amazing things this year.

So what do you want to accomplish in the next 34 days?

TripLog - Silicon Valley - Sept 3rd, Sept 4th

Sun, 23 Nov 2008 13:59:35 GMT

I decided to go ahead and blog about the trip I took to Silicon Valley, Graton and Hillsboro before I forget more of it. The trip was almost two months ago now, so we'll see how much I can actually recall. The reason this trip had three destinations was that while my main objective was to visit Intel's campus in Oregon to give a talk, I also had been meaning to visit my parents whom I hadn't seen in some time, and my friends, who all fled San Diego at the beginning of the summer for internships or jobs. So with all these competing things I had meant to do, I figured I might as well make a trip out of it.

A little bit of background: My preferred method of traveling between San Diego and Northern California is to drive. I leave San Diego around midnight to minimize traffic along the route and going the opposite direction, leave around 18:00. This puts me in each of the major traffic areas (SF, LA) in times where traffic is light and ensures that for the most part, I don't have to drive through the central valley during the daylight. Because, as anyone who drives through the central valley knows, the only thing worse than driving through it in the middle of the night, is driving through it in the middle of the day.

This is the first entry in what will end up being a series of entries about my trip. You can follow the whole series here

Sept 3rd — A little under two hours to midnight

I've packed, put fuel in the car and done a small inspection. (Standard pre-trip: Are the tires out of air? Are any lights on on the dashboard that shouldn't be? Are the oil levels okay?) I've stocked the car with water and snacks, most of my luggage is in the car and ready to go. My slides are on CD, a flash drive and on the harddrive of my laptop. I've got instructions to my friends' various houses and let a few people know I'll be sneaking into their homes early in the morning to crash on their couch. I've got a list of where my friends work, and plans to simply show up at their office and say "hi."

But I'm not ready to go.

You see, I had sent a paper to one of my professors only a few hours before and was waiting for him to get back to me. It was a whole new draft that I had stayed up all night before working on. It was a complete re-write, discarding a considerably weaker approach I had attempted before. Having grabbed a few hours of sleep between the time I sent him the paper and the time I started packing, I was waiting on his e-mail telling me he had read it. I needed his comments before I left town for two weeks overlapping the conference deadline.

I had e-mailed him earlier in the evening to make sure he was in fact going to be able to provide some feedback, but it was getting close to the time that I really should be on my way.

It's 22:30 by the time I notice the e-mail in my inbox that was sent six minutes earlier telling me I should show up in about 20 minutes. Relieved to be going, I hop in my car and drive to campus.

Sept 3rd - An hour and 15 minutes to midnight

I arrive at campus. I card into the CSE building, where the doors insist it's past working hours. The building is still humming with all the CSE students who know just what a preposterous notion that is. Arriving at the professor's office, I walk in, say hi and sit down.

Surprisingly, there's remarkably little red ink on the paper. He tells me that the paper's reasonable, the approach is improved and for the most part he thinks we're ready to go. He fires off a wry comment about how it might be better if I could figure out how to produce good work before deadlines instead of right next to them and the conversation slowly turns to various pleasantries, the trip, the talk I'm going to give and a few other smaller matters.

I walk out of the building later on with my paper with his comments on it.

Sept 4th - Minutes after midnight

I'm on Interstate-5 moving north at speeds illegal in 50 states.

Sept 4th - Around 3am

I stop at the Lost Hills exit, refuel, visit the bathroom, take a small walk and continue.

Sept 4th - Not significantly past 5am

I finally exit I-5 and head west on highway 152. I've never driven this road before. While I grew up not too far north of the Bay Area, I know very little about the South Bay. I head over the hills and become increasingly surprised by just how busy this road is at 5 in the morning. After awhile, the highway goes from four lanes to two and I quietly curse whoever decided that a two lane road should be the entrance to the South Bay. Fortunately the sun is rising and the scenery is pretty, so I'm happy enough to move at a speed legal in all 50 states...

Jumping onto the 101, I head north. Now I'm back on roads I'm familiar with, just have never actually driven before. I exit 101 to head west on highway 85 to I-280. After a drive through a slumbering silicon valley that's a bit longer than I expected, I exit and head to a small little neighborhood near Stanford. Two of my friends are housed for the summer with some people I know, but hadn't met. They live in a large house that's perfect for the role of playing host to weary visitors.

I parked out front, grabbed a few of my bags from my car, went in and settle down for a well deserved nap.

This is the first entry in what will end up being a series of entries about my trip. You can follow the whole series here

More on today's California Supreme Court order

Thu, 20 Nov 2008 02:03:53 GMT

In today's order agreeing to hear cases S168047, S168066, and S168078, the California Supreme Court agreed to hear the following questions: (Paraphrased)

1) Is Prop 8 a revision to the California Constitution and therefore ineligible to utilize the amendment process?
2) Does the passage of Prop 8 violate the separation of powers in the California Constitution?
3) What is the status of existing same-sex marriages that were legally performed before Prop 8?

For the most part, we knew Questions 1 and 3 were going to show up and that's what everyone was preparing to see argued, but Question 2 took a friend of mine and myself by surprise. I kinda originally ignored it because I figured it was just some random other argument someone brought in one of the cases to hedge against a failure in the original revision argument... but I decided to look it up and see what that argument was.

Well, I have to say I'm extremely disappointed with the people arguing here, because the argument they advanced here is thoroughly insane and ludicrous. I'm almost surprised the court decided to hear this portion of the complaint...

The origin of this question arises from case S168066. Paragraphs 19 - 21 of the amended petition provide the explanation of this argument:

20. Proposition 8 also violates the separation of powers doctrine embodied in the California Constitution. "From it's inception, the California Constitution has contained an explicit provision embodying the separation of powers doctrine. (Cal. Const of 1849, art. III, § 1, now art. III § 3.) Article III, section 3, provides: 'The powers of State government are legislative, executive and judicial. Persons charged with the exercise of one power may not exercise either of the others except as permitted by this Constitution." Superior Court v. County of Mendocine, 13 Cal. 4th 45, 52, 51 Cal.Rptr.2d 837, 841 (1996). 21. Under the separation of powers doctrine, "the Legislature may not undertake to readjudicate controversies that have been litigated in the courts and resolved by final judicial judgement." Superior Court v. County of Mendocino, 13 Cal. 4th 45, 52, 51 Cal.Rptr.2d 837, 841 (1996). 22. The power of the electorate in the initiative process is the constitutional power of the electors "to propose statutes ... and to adopt or reject them" (Cal. Const., art II, § 8, subd. (a)), and "is generally coextensive with the power of the Legislature to enact statutes." Santa Clara County Local Transportation Authority v. Guardino. 11 Cal. 4th 220, 253, 45 Cal.Rptr.2d 207, 228 (1995). Thus, the initiative process violates the separation of powers doctrine when it is used to readjudicate controversies that have been litigated and settled by the courts.
Note: Contents transcribed from the petition by hand and may not be accurate against the original document to the letter. The original may be accessed here: http://www.courtinfo.ca.gov/courts/supreme/highprofile/documents/20081105135855223.pdf

I can't decide whether this argument is creative or desperate, but either way it ends up being pretty insane. Basically the court would have to rule that the people are bound by the same separation of powers doctrine that officials are bound by and their powers under the constitution are limited by this precept. This alone seems pretty insane, especially when you consider that the power being exercised here is that of constitutional amendment and not simply of initiative of a statue. This is a power the legislature simply doesn't have, so the argument that the people's power to do this is the same as the legislature is absurd.

Moreover, the clear intent of the framers in providing the people with the initiative process was to provide an appropriate check against the government going shapes. Clearly the principle of checks and balances applies here. Declaring that the people should be unable to "readjudicate controversies that have been litigated and settled by the courts" is entirely antithetical to the intent of checks and balances and even from a high level perspective this argument is deeply flawed and sets a dangerous precedent. (In fact, it engraves a certain permanence to precedent that just shouldn't be there. While I agree the initiative process allows court rulings to be overturned much too easily, it clearly is within the domain of the initiative process to do, though it would be nice if it took just a bit more than %50+1.)

What a weird argument. What were the lawyers on this one thinking?

The revision argument is much much better and actually has a chance of success. I guess it's always nice to give the court something to say reject so they can end up making a mixed ruling instead of one that just does exactly and completely what one side does... but come on folks, was there no better argument?

Or did I just miss something?

The California Supreme Court agreed to hear the arguments to overturn Prop 8 today...

Thu, 20 Nov 2008 00:43:10 GMT

Want to see what happens with the cases against Prop 8 that were take up by the California Supreme Court today? (For those of you who hadn't heard: The order: http://www.courtinfo.ca.gov/courts/supreme/highprofile/documents/S168047_S168066_S168078-11-19-08_ORDER.pdf Brief analysis from Calitics: http://calitics.com/showDiary.do?diaryId=7579)

If so, these links will allow you to subscribe to notifications for the three court cases that were approved for hearings before the California Supreme Court today. You can just enter your e-mail address, click "check all" (unless you want to be more selective) and hit submit. The system will send you an e-mail to verify, you follow a link and you'll be registered for notifications on the case.
http://appellatecases.courtinfo.ca.gov/email.cfm?dist=0&doc_no=S168047
http://appellatecases.courtinfo.ca.gov/email.cfm?dist=0&doc_no=S168066
http://appellatecases.courtinfo.ca.gov/email.cfm?dist=0&doc_no=S168078

I registered for updates on these cases today:

Personally, Kennard's dissent on today's order is something that I find pretty scary. I'm not sure why she's voting that way... I'm worried that she thinks there won't be four votes for this. It's pretty easy to see why she might think that: The three dissenting justices from In Re Marriage either are deferential to the people's will (Corrigan) or don't believe there's a constitutional right to same-sex marriage in the first place. (Baxter, Chin.) So it seems likely that all three votes against from last time look like they'll remain opposed, that means that all four justices from last time have to agree with the logic of revision v. amendment and its implications.

That said, Corrigan does believe same-sex marriage should be legalized. Unfortunately, he seems one of the justices least likely to change his stance given the deference he gave to the voter's approval of an initiative and therefore it seems hard to believe that he would argue the voter's amendment was incorrect. However, it's not inconceivable that he might be sympathetic to the procedural and technical arguments on this one anyways. I wouldn't count on it though.

I think Moreno and Kennard will probably vote that prop 8 is a revision and not an amendment. Moreno because of his wish on today's order that marriage licenses continue to be issued and Kennard because of her longstanding votes and opinions in favor of same-sex marriage. Given George wrote the original opinion in In Re Marriage so it seems somewhat likely that he would vote for this as well. Werdegar will probably end up being the crucial swing vote on this one. (Frankly though, I don't know these justices' histories well enough to speculate and portions of this are completely rampant speculation based on what little I do know.)

I'm hopeful that the case will end up overturning prop 8 as a revision and not an amendment, stating strongly that 50% + 1 can't take away fundamental constitutional rights... but I'm also worried that there may not be four votes for it. Should be interesting to watch.

libtasn1 issue in macports

Sat, 15 Nov 2008 02:09:03 GMT

So... I've been experimenting with OS X and seeing whether or not I can actually use this operating system. (If not, I'll put Linux on this machine.) Anyways... in installing various things through macports there appears to be an issue with the current version of libtasn where the version installed doesn't include a libtasn1-config which means all the packages that relied on this no longer work and since it's macports everything's broken and not a whole lot of people are really working on it. (It seems like a good enough project, just vastly undermanned.)

Anyways... here's a solution until they solve it:

root@tea ~ # cat /opt/local/bin/libtasn1-config
#!/bin/bash PREFIX=`cat /opt/local/etc/macports/macports.conf | grep ^prefix | cut -f 2- | xargs -n 1 echo` if [[ $1 == "--libs" ]]; then echo "-L${PREFIX}/lib -ltasn1" fi if [[ $1 == "--cflags" ]]; then echo "-I${PREFIX}/include" fi if [[ $1 == "--version" ]]; then echo "1.6" fi

Just throw that in /opt/local/bin/libtasn1-config (or in a different place if your prefix is elsewhere... or frankly anywhere in your path that you want.) and then chmod x /opt/local/bin/libtasn1-config.

There's a bug already filed about this issue in the context of gnome-keyring here: https://trac.macports.org/ticket/17197

Here's another bug I filed trying to get them to include this script by default with the newer versions of libtasm until the software that depends on it switches to no longer rely on this: https://trac.macports.org/ticket/17253

OS X and I are having an ... interesting time getting to know one another.

Edit: Use this instead:

#!/bin/bash IFS=":" for dir in $PATH; do if [ -e `echo ${dir}/etc/macports/macports.conf | sed s/\\\/bin//` ]; then CONF=`echo ${dir}/etc/macports/macports.conf | sed s/\\\/bin//` fi done if [ ! -e ${CONF} ]; then echo "No configuration for macports found" exit fi PREFIX=`cat ${CONF} | grep ^prefix | cut -f 2- | xargs -n 1 echo` if [[ $1 == "--libs" ]]; then echo "-L${PREFIX}/lib -ltasn1" fi if [[ $1 == "--cflags" ]]; then echo "-I${PREFIX}/include" fi if [[ $1 == "--version" ]]; then echo "1.6" fi

update: This is probably the best solution (someone else was nice enough to point out I was being stupid to do otherwise):

#!/bin/bash ${prefix}/bin/pkg-config $1 libtasn1