Archive for September, 2004
Welcome Fall!
OK, I’m a day late, but I wanted to remind everyone to take a moment and look outside and enjoy the crisp new air and shortening days. Before you know it we’ll be inside all the time due to rain and it will be getting dark before you leave work. I don’t know if I’m excited or scared…
“Safe” Fish
It’s hard to know what to eat these days. One day we hear something is good for you and the next day we hear a new study that shows it has a hidden characteristic that now makes it dangerous. Fish and other seafood seem to be a classic example of this, the two biggest problems we hear about today being high levels of mercury, and environmental impacts.
I was curious as to what the cross-product of these lists would be, specifically:
I AM NOT A DOCTOR, NUTRITIONIST, OR ANYTHING ELSE THAT WOULD MAKE THE FOLLOWING STATEMENTS MEDICALLY SOUND.
Everyone should read the following FDA statement on What You Need to Know About Mercury in Fish and Shellfish (particularly for children and pregnant/soon-to-be pregnant women).
So by comparing these two lists I see that the “safer” fish appear to be (lower levels of mercury as well as environmentally sensitive):
- Catfish (Farmed)
- Clams (Farmed)
- Crab (Snow, maybe King)
- Oysters (Farmed)
- Salmon (Wild Pacific)
- Sardines
- Shrimp (Trap caught, not farmed)
- Tilapia (Farmed)
- Trout (Farmed)
If you expand this list to include fish that isn’t on the “low” mercury list but isn’t on the “really high” list, or that are listed as “Caution” on the environmental:
- Bass - Medium mercury levels
- Cod (Pacific) - Atlantic supplies are overfished
- Halibut (Pacific) - Medium mercury levels
- Lobster (Pacific) - Medium mercury levels
- Tuna - Medium mercury levels
- Scallops (Bay) - Concern for farming methods
- Squid - Risk of overfishing
Note that there are a few known low-mercury or safe-environment fish on here that I couldn’t find on the other lists, so I left them out: Mackerel, Mahi Mahi, etc. The FDA/CFSAN Seafood Information and Resources page is useful as well.
Free subscription to ACM Queue
The CTO at our company sits on the editorial board for a new magazine being put out by ACM (Association for Computing Machinery). It’s called “Queue” and it’s one of the best (of the few) magazines that I read these days. Harkening back to the original days of Wired, Queue recognizes that the web has forced magazines to focus on substance pieces, and that’s exactly what Queue does. Each month it picks a broad topic and delves into some of the more interesting social/political/technical issues in a series of articles and interviews with many of the people who have created the backbone of the Internet as we know it today.
Anyways, they’re offering a free subscription to their print version right now, so if you’re in the mood I recommend you check it out.
Eating like my parents taught me
We’ve never been fans of the no-carb diet craze that has been so popular around the country. Besides the long-term health impacts, I think that the whole idea of meat-meat-meat eating is just a little too wasteful (a la most everything else in America). Brain made an insightful comment the other day in that, “if you describe the health problems in America due to our food intake to someone in other parts of the world, they would either laugh hysterically or get very very angry.”
While Lex and I eat fairly balanced diets, and we do a lot of cooking of different things for a wide variety of different foods, I have noticed lately that we’ve started to eat/drink a little too much sugar. Baking cookies at home, sugar in my coffee/tea, even Alexis’s favorite cranberry juice cocktail is loaded with sucrose. The result has been an increase in blood sugar swings due to my somewhat sensitive insulin levels (I wouldn’t say diabetic, but there is a tendency that way in my family). Neither of us are overweight by any means, but since we’re getting “older” I’ve noticed that the winter weight didn’t really come off this summer.
She picked up a copy of The South Beach Diet because she had heard it was written by a cardiologist and focused on blood chemistry more than weight-loss. As I read through the text more and more I was interested to see that it reflected a lot of what my parents have always been telling me about eating. My Mom has always come from a granola-y health foods background and pushes whole grains, less sugars, less processed food. My Dad has always come from a scientific background WRT diet and preaches staying away from refined sugars and white breads, pastas, etc. In retrospect they were both preaching the same things, I just heard them differently.
In essence, that appears to me to be what The South Beach is all about. Their slant is not to cut carbs out completely, ratchet down calorie intakes, or create a special balance of protein/fat/carbs. The basic idea is to regulate blood chemistry and insulin production by avoiding the refined and processed sugars and carbs that have become such a mainstay of the American diet. Examples of why this is bad abound in the text. For example, eating a donut in the middle of the morning might fill you up temporarily, but there is so much sugar (both in the sweet and the white flour of the cake itself) that it is going to spike your insulin production really high, and when the sugar is processed out of your bloodstream you are going to crash, get hungry, and probably eat something else really bad for you (this whole cycle really resonates with me at the office). Instead, the recommendation is to be sure to eat meals that are going to process through your system slowly, eat good snacks in between meals to keep your blood sugar from dropping too rapidly, and most of all, take everything in moderation.
The diet starts out with a pretty draconian two weeks of no sugars/dairy/breads, in an attempt not to rid yourself of carbs and send your body into a cannibalizing state of ketosis, but to break your dependency on those sugar fixes which cause the insulin roller coaster. During these two weeks you eat usually eggs/omelets for breakfast, salads with some protein at lunch, and then a fish or lean meat entree with lots of good green veggies on the side. No Cokes, no bread, no fruit, and hardest for me probably…no beer (the maltose in beer has the highest glycemic index of all sugars). After the first two weeks are up things become a bit more liberal. You can re-introduce things like whole fruit and red wine, and bread/pasta/rice can be had in limited amounts as long as you opt for whole-grain versions and (counter-intuitively) make sure to eat them with some fats (like good olive oil) in order to slow their digestion. Again, the whole idea is to prevent the sugar roller coaster (the book likens eating a slice of white bread on its own to consuming a tablespoon of sugar…an image that sticks with you).
A lot of attention is paid to what kind of processed foods you’re buying. The “low-fat” craze of the past 20 years (before Atkins) saw many companies replace the fat in their food with, usually, plain sugar. So for example, “light” mayonnaise has fewer calories from fat, but the third ingredient on the list is corn syrup! The South Beach claims that people should be aware of what fats are “good” and “bad”, and choose wisely (olive oil, canola oil, and eggs are all good fat, so regular mayo is OK; butter is bad fat…but still not nearly as bad as trans-fats). When talking about this with Rob he likened a lot of ideas like this to what he’s been reading in The Mediterranean Diet, which talks a lot about the good fats found in natural oils, cheeses, nuts, etc. So today was our first day of Phase 1 on the diet.
We’ve been preparing for the past week knowing that we couldn’t start with Lex in her crazy two-job schedule. Yesterday was a fun morning at Berkeley Bowl as we started to get really creative about what we could do with the ingredients we knew we could use (the meal plans in the book are somewhat limiting). Today I’ve been cooking most of the morning in order to get meals ready for us to take to work over the next week (I think we’ll end up saving money on this plan as well since we’ll be doing a lot more cooking at home). All in all I like the fact that I’m taking the time to think a lot more about what I’m eating and to take care in preparing food for me and my family. It’s a fun reason to extend our usual breadth of dishes, and I’m hoping it will get us both thinking with a more open mind about some different food alternatives. So, let’s see what happens…
Update: Two weeks later…
Certificate Authority Howto
(I had this buried in a pile of electronic notes I was cleaning up…I think it’s originally from our Rescomp days. Anyways, it has been useful to us in the past, so I thought maybe it would be useful to others in the future. Updates to me.)
These are rough and ready notes on how to create your own cert-signing CA for use with OpenSSL so you can do limited generation of site-specific certs:
Why?
Basically, to save yourself some cash. While there are many
real certificate authorities (Verisign and Thawte being two
common ones… check your browser’s certificate signer list for
more), they all charge you money in order to sign your SSL
certificate. While it is important to have your site
certificate signed by a trusted authority if you are running an
online business, it is less important if you are simply
concerned about password and account security and would like to
have services such as imaps (SSL secured IMAP) and https (SSL
secured HTTP). It is for these people that this HOWTO is
written.
Software
I used the OpenSSL package, available from
http://www.openssl.org. Be aware that if you use this package
in the USA, you need to obtain and install the RSAREF toolkit,
in order to be compliant with silly US patent laws. The rest of
this HOWTO assumes that you are using this package.
Configuring OpenSSL
We use a homerolled packaging system called /opt. It works
pretty well with apps that use Autoconf, but OpenSSL doesn’t,
so here’s what you have to do:
./Configure --openssldir=/opt/openssl-0.9.3a linux-elf
will configure it properly. The --prefix flag
doesn’t do the Right Thing. After installing, move all programs
in the misc subdir into bin, and make a symlink from the
openssl binary to ssleay for backwards compatibility.
Now, you have to configure the openssl.cnf file, and set up
your CA. Make the following changes to the openssl.cnf,
replacing CA_rescomp.berkeley.edu with your own CA name.
set default_ca to CA_rescomp.berkeley.edu
change [ CA_default ] to [ CA_rescomp.berkeley.edu ]
set dir to /opt/openssl/CA_rescomp.berkeley.edu
set countryName_default = US
set stateOrProvinceName_default = California
set localityName_default = Berkeley
set 0.organizationName_default = Office of Residential Computing, UC Berkeley
uncomment keyUsage
uncomment subjectAltName
uncomment issuerAltName
uncomment keyUsage under [ v3_ca ]
uncomment [ v3_ca ] subjectAltName and issuerAltName
uncomment [ crl_ext ] issuerAltName
mkdir /opt/openssl/CA_rescomp.berkeley.edu, and chmod 700.
Then, edit the CA.pl and change the $CATOP variable to point to
“./CA_rescomp.berkeley.edu”
Setting up your very own CA
Run CA.pl -newca. Hit Enter to create a new CA,
and enter a signing passphrase. THIS IS VERY IMPORTANT! If this
signing keypair is lost or compromised, then all of the keys
that you have signed are also compromised. Accept all of the
defaults (which you set up in your openssl.cnf), and use
ca@yourdomain.com as your email addr. (Be sure that
ca@yourdomain.com actually points to someone useful, as this is
where certificate requests will go). It is
very important to protect the CA_rescomp.berkeley.edu
directory. Ideally, it should be stashed on a floppy somewhere
safe, and only taken out when needed to sign new certificates.
If this directory is compromised, you’ll need to start all
over, and invalidate all of your certs that have been signed
with your CA. This sucks, so don’t let it happen to you.
Now, you need to put your CA’s public key in your SSL key
database. For example, I set up all of my SSL enabled tools
(stunnel and mod_ssl) to use /opt/openssl/ca-certs. The odd
looking symlink name is the x509 hash of the CA certificate’s
subject name. The server computes the same hash from the issuer
name stored in the client certificate, which allows it to
locate the proper signing authority’s key.
mkdir /opt/openssl/ca-certs
cp CA_rescomp.berkeley.edu/cacert.pem ca-certs/rescomp.berkeley.edu.pem
cp -a src/certs/* /opt/openssl/ca-certs
cd ca-certs
ln -s rescomp.berkeley.edu.pem $(openssl x509 -noout -hash < rescomp.berkeley.edu.pem).0
Now you’ve got your Certificate Authority up and running.
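To check that a hashed CA directory like the one above is actually usable, here is an added example (not part of the original notes) that builds a throwaway CA, signs one certificate, and shows that verification against the directory fails until the hash symlink exists. It uses plain openssl req/x509 instead of CA.pl, and the names demo-ca and imap.example.test and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA + hashed CA directory, checked with openssl verify.
# demo-ca, imap.example.test and all file names are constructed for this demo.

# Succeeds only if server.pem chains to a CA found via the hashed directory.
verify_ok() {
    openssl verify -CApath ca-certs server.pem 2>/dev/null | grep -q ': OK$'
}

ca_dir_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask 077    # private keys readable by their owner only

        # Self-signed CA (plain req -x509 stands in for CA.pl -newca).
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/O=Demo/CN=demo-ca" \
            -keyout ca.key.pem -out cacert.pem 2>/dev/null || exit 1

        # Server key and request, then a certificate signed by the CA.
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/O=Demo/CN=imap.example.test" \
            -keyout server.key.pem -out server.csr.pem 2>/dev/null || exit 1
        openssl x509 -req -in server.csr.pem -days 30 \
            -CA cacert.pem -CAkey ca.key.pem -CAcreateserial \
            -out server.pem 2>/dev/null || exit 1

        # CA certificate copied in under a readable name only: the lookup
        # goes by hash-named file, so verification is expected to fail here.
        mkdir ca-certs && cp cacert.pem ca-certs/demo-ca.pem || exit 1
        if verify_ok; then before=OK; else before=FAIL; fi

        # Add the <subject-hash>.0 symlink, as in the howto, and retry.
        hash=$(openssl x509 -noout -hash -in ca-certs/demo-ca.pem) || exit 1
        ln -s demo-ca.pem "ca-certs/${hash}.0" || exit 1
        if verify_ok; then after=OK; else after=FAIL; fi

        echo "without_link=$before with_link=$after"
    )
    status=$?
    rm -rf "$work"
    return "$status"
}

ca_dir_demo
```

The same openssl verify -CApath check can be pointed at /opt/openssl/ca-certs and a real signed certificate to confirm the symlink step before configuring stunnel or mod_ssl.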
Stunnel Certificates
openssl req -new -keyout imapd.pem -out imapd.pem -nodes
openssl ca -policy policy_anything -out imapd.cert.pem -infiles imapd.pem
cat these files together (cert then key)
mod_ssl Certificates
generate as above
common name is the FQDN of the webserver
cat them together (cert then key)
To add the CA to Netscape
add to the httpd.conf
AddType application/x-x509-ca-cert cacert
cp CA_rescomp.berkeley.edu/cacert.pem to a web accessible place
To create client certificates for Netscape
openssl req -new -keyout username.key.pem -out username.pem
openssl ca -policy policy_anything -out username.cert.pem -infiles username.pem
openssl pkcs12 -export -in username.cert.pem -inkey username.key.pem -certfile /opt/openssl/ca-certs/rescomp.berkeley.edu.pem -name "username@rescomp.berkeley.edu certificate" -out username.p12
Import into Netscape
To create client certificates in Netscape
setup html and cgi files
get cert request in /opt/apache/data/cert-reqs/filename.random
openssl ca -policy policy_anything -spkac clireq1234.1234565773 -out signed1.cert
Added to httpd.conf
AddType application/x-x509-user-cert cert
cp signed cert to filename.cert and download in Netscape
Kryptonite Bike Locks Picked with a Bic Pen
This is just lovely. Someone discovered your brand new U-Lock is not safe! Apparently some of the most popular Kryptonite bike locks with the circular keys can be opened up by shoving one of those cheap Bic Pen bodies in and twisting. Video here (more linked from the above page).
Kryptonite is offering free replacements for locks less than two years old and upgrade discounts for older locks (see website for details).
Having seen this and last year’s security paper vulnerability about master key locks I’m not so confident in the physical security we use IRL (In Real Life). Even worse, the guy who published the Lock Vulnerability paper keeps getting hate mail and threats from locksmiths in the industry, who have apparently not heard that “security through obscurity” just doesn’t work.
UPDATE: Excellent Ebay Auction Here
Alpine’s iPod Road Trip
I’ve been hearing about this for a year, seen my friends buy lame FM transceivers to do it, watched BMW make a half-hearted attempt…but finally, real iPod integration is coming to an after-market car stereo near you.
I haven’t bought an iPod yet because I always have my laptop with my full music collection with me, and when I don’t I can use my Palm to play a few albums here and there which is really nice. But ever since I packed all of my CDs into boxes down in the garage I’ve been driving around with the same lame CDs in my car for like the past two years. Being able to easily integrate 20+ gigs of music into the car would be fantastic; and yes I know there are plenty of other tools to do this, but they are either a pain to use or sync or maintain or don’t have good sound.