Music Boxers, Band Retrospectives

In the annals of music, there are a few bands that make a lasting impression. Emo-Metal legends Particle Decelerators have spent three decades leaving a mark like an armor-piercing bullet through a ham sandwich. Their first album, "Crushed Vervet" (1983), showcased their driving beats, screeching guitars, and morose lyrics, which noted Rock Beets critic James Snoofleburger described as sounding like "The Smiths on a Red Bull colada."

The band is fronted by the dynamically mopey Cruze Cahntral. Cahntral's eccentric vocals are backed by Elmer Elmerson's trademark untuned guitars, Vinnie Greengrocer's bass, and Gargantula's drums. Gargantula has one of the only home-made drum sets in professional music, and the uniqueness of the sound is evident in many of their tracks, especially when the supporting frames give way during a recording session.

Following on the heels of Vervet were "Colonoscopation" (1984) and "Budgerigargoyle" (1984), which featured the pugilistic quiet energy which launched them to superstardom. Their first world tour, from April 1985 to March 2007, was the group's first foray from their native Barstow. They returned briefly in 2011 to pick up a change of socks.

After a brief post-tour hiatus, Particle Decelerators released their fourth album, "Deflation", in 2013. While it lacked the high-adrenaline feel of their earlier work, the single "The Big Zip" rocketed up the adult contemporary charts, where it spoke to fans' arthritis and the attendant difficulty of closing pants over incontinence garments.

Enraged by the album's reception, Particle Decelerators disbanded, though there's already talk of thirtieth anniversary reunion tour.

A Wake for a Bird

The Holidays. Several weeks of worrying about travel, embarrassing relatives, forced conversations with people with whom you have nothing to talk about. Sure, there's some quality eating to be done, but after your end-of-year "vacation," you're looking forward to getting back to work, right?

OK, I get along great with my family, but this is the kind of lament that, if you haven't experienced it yourself, you know people who have, and do year after year. Wouldn't it be nice to have the good part of the holidays (that is, the food) without the obligations of family?

I propose a new annual tradition. Every year, friends should gather and have a huge meal. Thanksgiving turkey-with-all-the-trimmings minus the "Thanksgiving" part. Because every tradition needs something more than "that day we all stuff ourselves silly," my proposal is to hold a good old-fashioned wake. The guest of honor? Why, the deceased, of course. The reason we're all assembled. The turkey.

The organization of a wake is a personal thing, of course, but if I might make one suggestion, it would be for each diner to say a few words in the departed's honor. If each eulogy is accompanied by, say, a shot of whiskey, I certainly would not disparage. The whole idea is for everyone to enjoy the occassion, so have fun with it. Give the turkey a name, make up a back-story, share personal anecdotes. And don't worry if different people's stories are inconsistent.

So, when should this new holiday be held? Sometime between Thanksgiving and Christmas (or your solstice-adjacent holiday of choice or custom) would perhaps be ideal, as a lighthearted break from holidays steeped with long-held traditions of no real immediate relevance. That might not be practical, however, depending on your and your friends' travel plans. Besides, after Thanksgiving everyone is sort of burned out on turkey. A few weeks beforehand, however, and you can justify it as a Thanksgiving dress rehearsal. You might even get some interesting ideas for new dishes to add to your family's Thanksgiving, if you're willing to brave the silent or vocal scorn of your relatives, for whom it's just not Thanksgiving without the same menu as the last century of Thanksgivings. And that's almost reason enough to hold a Turkey Wake—new side dishes, a new kind of gravy, stuffing made with cornbread instead of regular bread; the possibilities are endless!

I hope that this year you'll hold a Turkey Wake, with as many friends as you can. And spread the word. Next year, I want to see a line of Hallmark Turkey Wake cards, tacky cardboard decorations in all the supermarkets, and Turkey-Wake-themed songs on the radio. The following year, I want to hear people complain, "It's not even Halloween, and already they're putting up the Turkey Wake decorations!" This thing is going to be huge.

Feel free to leave your own ideas, including for a better name than "Turkey Wake," in the comments.

Bullshit Update

I'm still happy to take requests for long-form bullshitting here, but I'm also bullshitting on Google+ in smaller, bite-sized pieces.

Testing some markup features

This post has no real content of interest.

Ideally, this part should show up normally, though I've put it in its own <div> block.

If this is the second paragraph, then it didn't work.

Creating a Private Blog on a Free Blogging Service

There are a few problems with Facebook (and similar services):

1. It's a walled garden
2. You have no control over your data (even though you think you do)
3. You're not the customer, you're the product

Free blogging sites get around problem 1, but not the other two. Generally, you have even less control over your data, since the whole point is to publish so that everyone in the world can potentially read it. To get around all of these problems, you'd need to host your own site, which can be a pain and costs more than it's worth to most people.

So, what can we do with a free blogging site? We can post encrypted articles, and only distribute the keys to the people we want reading them. Not only have we removed problem 1, since anyone with the appropriate crypto can read the articles, but we've also partially removed problem 2. Why partially? I'll get to that in a bit. We still have problem 3, but that's an economic reality for any free service. You can, however, shop around for a service that treats you as a product with dignity, at least, and you can potentially find a paid blogging service that doesn't support encryption (or whose encryption you don't want to use), at which point you become the customer, and just a little more human in the eyes of the service.

Why might you not want to use a perfectly functional encryption service provided by a blog host? It's a question of who has the keys. It's almost certain that the host would have your encryption keys, and would provide the encryption and decryption on the fly. While convenient, it's still a loss of control, and they can hand your decrypted data to anyone they choose (though you may have some contract protections in this regard). It's also likely that they'll use password-based authentication. We're going to use public-key authentication, and we're going to do it in a way that's fairly easy and robust againt forgotten passwords.

Let's consider the following scheme. You write a new article for your semi-private blog. The bulk of this article (or maybe just a small part of it) is a well-delimited block of ciphertext. Maybe it looks like the following:

BEGIN CRYPTOBLOG
Key: http://some.location/key_identifier
66fa53d9b7b04210a54853e406d7b119...
END CRYPTOBLOG

We use special tags to denote the beginning and end of the special contents. This is easy for a person to pick out visually, and is also easy for a program to parse. The first line points to a URL with keying information for this article. We'd expect many articles to use the same key, since there's no reason not to. Keys should be changed occasionally, to prevent certain attacks that come from large amounts of available ciphertext, and when you want to deny someone who previously had access to your articles access to any new ones. We'll use a nice strong symmetric key encryption algorithm, such as AES-256.

We now have our encrypted article, how do we distribute the keys? The simplest way to do this is through another blog post. We have one key, but we want to make it available to a potentially large number of people. Let's say each of them has an RSA public key. A simple way to propagate the key is with a list of the following form:

Alice   E(Alice,key)
Bob     E(Bob,key)
Charlie E(Charlie,key)

Here the first column is the person's name, and the second is the key encrypted with that person's public key. This isn't great, from a privacy standpoint, because you've just transmitted the names of all your friends. Slightly better is

Pubkey(Alice)   E(Alice,key)
Pubkey(Bob)     E(Bob,key)
Pubkey(Charlie) E(Charlie,key)

Now we haven't revealed anyone's name, but we've revealed their public keys. This allows someone to correlate public keys between subsequent AES keys, revealing the degree of churn in your list of friends. Also, by publishing pairs of public keys and ciphertexts, you're potentially giving an adversary a leg up in cracking the corresponding private keys. Since just a smidge more paranoia costs us very little, let's instead go with the following:

H(Pubkey(Alice)|E(Alice,key))     E(Alice,key)
H(Pubkey(Bob)|E(Bob,key))         E(Bob,key)
H(Pubkey(Charlie)|E(Charlie,key)) E(Charlie,key)

The first column is now a hash of the person's public key and the ciphertext in the second column. Note that previously, your friend could immediately recognize the appropriate line of keying material to decrypt in order to retrieve the AES key. Now he or she has to perform a simple hash based on each line until one of them matches. The hash function doesn't have to be particularly great for this, so we can use something simple like MD5 without worrying about security or privacy being appreciably compromised.

What are our security and privacy properties now? Well, your semi-private articles should be well protected by encryption, and your friends should be able to recover the symmetric key. The identities of your friends are protected, for the most part. What data does this system leak, though?

1. The hosting service knows who's retrieving your posts, though not who's successfully decrypting them.
2. The world in general knows how often you are posting.
3. The world in general knows how long your posts are.
4. The world in general knows how many people are able to read your posts.

We could do better if we were self-hosted, but this is about the limits of using a free service like Blogger. If you think you have a way to reduce the amount of data leaked, please let me know.

That's the scheme, but how to implement it is another matter. We'd like to have some way for someone to navigate to an article, and be presented with a decrypted page. The easiest way to do this is probably to create a Firefox extension. Note that this must be written in javascript and CSS. The state of cryptography in javascript isn't great, from what I've found poking around online. If a person's public and private keys are loaded into the browser, then the extension should be able to use them to decrypt first the symmetric key and then the article. The extension should probably cache the ciphertext (not the plaintext!) of the symmetric key, since it'll likely be used multiple times. The URL identifies the keys sufficiently at that point.

For most people, the public key is likely to be the most intimidating part. Someone running Linux can easily create an RSA key using OpenSSL. There's no need for a signed certificate. I don't know what would need to be done on Windows. If the blogger is reasonably crypto-savvy, then a BER- or DER-formatted RSA public key, an X.509 certificate, or a PGP/GPG certificate should be equally effective mechanisms for relaying public keys. Generating the list of ciphertexts for a new symmetric key will probably be done on the command line. We'll worry about friendlier interfaces later.

A really nice feature of a scheme like this is that if one of your friends forgets his private key password, he can just send you a new public key and you can either email him the key ciphertexts or edit the old postings to add the new public key's cipher.

Schwoops!

I'm drinking a bottle of tonic water, and I just noticed the following warning:

CONTENTS UNDER PRESSURE. CAP MAY BLOW OFF CAUSING EYE OR OTHER SERIOUS INJURY. POINT AWAY FROM FACE AND PEOPLE, ESPECIALLY WHILE OPENING.

This leads me to believe that someone, somewhere, had this happen to them. Someone was twisting the cap off a bottle of tonic water, when the cap, straining like a bronco that had been drinking from an espresso-laced stream, exploded forth as a tiny missile of blindness-inducing plastic. Or perhaps the victim wasn't the person opening the bottle. Image the tragic scene. A young mother, a thirsty child. "Sure, you can have some tonic water." Then, tragedy. Now little Johnny will never play baseball again.

Maybe I'm wrong. The truth is, we may never know what prompted this warning, nor how much gin was involved.

This is Just Ridiculous

We've had about 45" of snow since Friday, with another 10-20" predicted for today and tomorrow. Buffalo has had about 60" this season. Buffalo. We might get more snow than Buffalo.

I haven't lost power yet, but my parents were out for over 30 hours, and Pepco still reports over 12,000 customers who haven't yet had their power restored (down from over 100,000). The roads are plowed, though many not to their full width. The snowplow crews have worked incredibly long shifts, with little or no time for sleep. They've got nowhere to plow the snow, so they've had to haul it away.

At the rate roads have been getting cleared, it's going to take at least all day Thursday before they'll be passable again. That's assuming the road crews can pull the sorts of hours they have been. Oh, and the local governments have already pretty much exhausted their snow-removal budgets for the year.

The next front looks like it'll pass to our south, dumping rain (and some wintery mix) on the South/Southeast from Texas to Florida. There's another one up in the Northwest, though. I have no idea what direction that one's going to go.