Regular Expression Crossword Puzzle #

Via Kottke and @grimmelm, the Internet delivers a wonderful regex crossword.

Difficult, entertaining, and, as @grimmelm says, “It’s not as bad as it looks.”

I did it in pen. Successfully.

Still, through the middle third of it I kept wondering if it would be easier to write a back-tracking search tree program to solve it for me…

Yes, there is a single, unique solution.

TSA Confiscates “Dangerous” Stuffed Toy Accessory #

A TSA agent in St. Louis made air passengers everywhere rest easier by confiscating a “dangerous” two-inch prop gun that was accessorizing a stuffed animal. [via Lowering the Bar]

On Monday, the TSA issued a statement, saying “TSA officers are dedicated to keeping the nation’s transportation security systems safe and secure for the traveling public. Under longstanding aircraft security policy, and out of an abundance of caution, realistic replicas of firearms are prohibited in carry-on bags.”Susan Wyatt, “TSA agent confiscates sock monkey’s pistol”, KING 5 News, 8 December 2013

Right. Because a 1/5-scale toy the size of a couple of quarters is a “realistic replica.”

Muppets: Swedish Chef and Gordon Ramsey #

A Sociologist Interrogates the Criminal-Justice System #

Great story from the Chronicle of Higher Education about a sociologist embedded in a poor, high crime neighborhood.

Via Next Draft.

iOS 7.0.4 Update Caused Data Loss #

I’m not having much luck with software updates this season.

I happily clicked “Agree” to update my (not jailbroken) iPhone 5 to the most recent software update, iOS 7.0.4. Something must have gone wrong, because it dropped to an error screen that insisted the phone by plugged in to iTunes … and the only this iTunes would do with it was a full restore.

My last phone backup was a month ago. One month of data, pictures, call logs, save games: gone.


Jenkins CI Install Failure on OS X #

I’m sampling Continuous Integration (CI) tools for a project I’m working on. One of the most ubiquitous open source options in Jenkins, which comes with a convenient package installer for OS X.

It installed without errors, but when it came time to run Jenkins (browsing to http://localhost:8080/ ), my browser(s) wouldn’t connect.

The installer built its own log files as \var\log\jenkins\jenkins.log, which helped unravel the mystery: Java wasn’t installed.

Huh? I’ve taught courses in Java from this machine. Java was installed.

Turns out, upgrading to Mavericks “helpfully” removed Java without telling me. A placeholder app is still there in /usr/bin/java, but it simply loads an alert prompt to download and install Java … an alert prompt the fails silently when run by a daemon (which by definition can’t access windowing functions in the OS), like Jenkins.

As LaunchDaemon will attempt to re-run the failing Jenkins every 10 seconds, turn it off temporarily if you need to (re)install Java:

sudo launchctl unload -w /Library/LaunchDaemons/org.jenkins-ci.plist

Re-enable by repeating the same command, but using load instead of unload.

CMU Password Cracking Study #

The landmark study is among the first to analyze the plaintext passwords that a sizable population of users choose to safeguard high-value accounts. The researchers examined the passwords of 25,000 faculty, staff, and students at Carnegie Mellon University used to access grades, e-mail, financial transcripts, and other sensitive data. The researchers then analyzed how guessable the passwords would be during an offline attack, such as those done after hackers break into a website and steal its database of cryptographically hashed login credentials. By subjecting the CMU passwords to a cracking algorithm with a complex password policy, the researchers found striking differences in the quality of the passwords chosen by various subgroups within the university population.Dan Goodin, “It’s official: Computer scientists pick stronger passwords”, Ars Technica, 8 November 2013.

One of the funnier conclusions: Those associated with the business school tended to have the weakest passwords.

A very unusual data set, available due to remarkable circumstances:

Plaintext passwords were made indirectly available to us through fortunate circumstances, which may not be reproducible in the fu- ture. The university was using a legacy credential management system (since abandoned), which, to meet certain functional re- quirements, reversibly encrypted user passwords, rather than using salted, hashed records. Researchers were never given access to the decryption key. Mazurek, et al. “Measuring Password Guessability for an Entire University” [pdf], 22 October 2013.

From reading the paper, the “cracking” was based on guessing from pre-composed password lists, based on publicly leaked lists, and experiments with Mechanical Turk.

Super interesting. The steps researchers had to go through to protect privacy and keep the IRB happy are exceptionally thorough, including code review and secure facilities.

We were required to submit all the analysis software needed to parse, aggregate, and analyze data from the various data sources for rigorous code review. Upon approval, the code was transferred to a physically and digitally isolated computer accessible only to trusted members of the university’s information security team. Through- out the process, users were identified only by a cryptographic hash of the user ID, created with a secret salt known only to one infor- mation technology manager.

We were able to consult remotely and sanity-check limited output, but we were never given direct access to passwords or their guess numbers. We did not have access to the machine on which the passwords resided — information security personnel ran code on our behalf. Decrypted plaintext passwords were never stored in non-volatile memory at any point in the process, and the swap file on the target machine was disabled. All analysis results were personally reviewed by the director of information security to ensure they contained no private data. We received only the results of aggregate analyses, and no information specific to single accounts. After final analysis, the source data was securely destroyed.


Professors’ Manifestos: “I Quit Academia” #

A few weeks old, but still worth a link:

Ernst’s Oct. 20 essay [“Why I Jumped Off the Ivory Tower”] is a deeply honest account of his acrimonious departure from what many would consider a dream job: a tenured position as a philosophy professor at the University of Missouri.

Ernst’s contribution is indeed part of a raucous subgenre of “I Quit Lit” in or rather, out of academe, which includes Kendzior’s own acidic “The Closing of American Academia,” Alexandra Lord’s surprisingly controversial “Location, Location, Location,” and my own satirical public breakdown. All of us faced, and continue to face, the impressively verbose wrath of a discipline scorned, which itself is the completing gesture of initiation into the I Quit Oeuvre.

It is still exceptionally rare for a tenured academic to publicly and voluntarily leave the field. To understand the way the concept is viewed by academics, please say that phrase aloud the way you’d say “contract syphilis.”  Despite their widespread and documented unhappiness, most associate professors the rank one achieves upon being granted tenure stick it out until the end, for numerous reasons. First, while tenure does not actually mean “a job for life no matter what,” it does offer a level of security absent from other professions. Moreover, by the time a professor makes tenure, she has usually been so heavily socialized by the “Total Institution” of the Academy that to leave it would be almost akin to death.

Rebecca Schuman, “Quitting academic jobs: professor Zachary Ernst and other leaving tenure and tenure-track jobs. Why?”, Slate, 24 October 2013.

EFF: “Thank You, Patent Trolls” #

The EFF, lauding the Innovation Act of 2013, also offers thanks to patent trolls:

But, really, the trolls have done all the hard work for us. They targeted app developers for using generally available technology. They sued small city governments for using bus tracking software. They went after businesses for using scan-to-email technology and the kind of WiFi routers you would buy off the shelf at Best Buy.

Julie Samuels, “EFF Thanks Patent Trolls for Best Troll-Killing Bill Yet”,, 23 October 2013

Ars has a great write-up of the bill too. Time to contact your Congress-person.

Mavericks Install Stuck in Reboot Loop #

I attempted the Mavericks upgrade on my old (2009) Mac mini, which is several versions behind (10.6.8).

After the lengthy download (with no progress bar in the old version of the Mac App Store), the computer rebooted and attempted the install. A few minutes into it, I encountered the following error message:

The OS X upgrade couldn’t be started because the disk Macintosh HD is damaged and can’t be repaired. After your computer restarts, back up your data, erase your disk, and try installing again.

Click Restart to restart your computer and try installing again.

Clicking “Restart” leads to a restart loop, as on rebooting it reattempts the Mavericks install, resulting in the same error message. Apple’s online support was unable to fix the issue (and recommended Recovery Mode, which of course didn’t work, as this feature was introduced after 10.6.8.).

So, the long and short is, my computer is now unusable, thanks to attempting the Mavericks upgrade.

Thank goodness I have a backup. I hope it’s usable.

(The install on my much newer MacBook Pro took some time, but went without a hitch.)

UPDATE: After a trip to the Apple Store, the tech wiped the disk and installed Mavericks. In the end, I had to hang around the mall for a couple of hours during the install, and restore from backup when I returned home. All together, it ended up taking most of the day.

Hire Tom! Hire Tom!